Mid-Level Penetration Tester

ECS.com

106k - 122k USD/year

Office

Suitland, MD, United States

Full Time

ECS is seeking a Mid-Level Penetration Tester to work in our Suitland, MD office.  

ECS is a rapidly growing information security and information technology company. We are looking to hire a Mid-Level Penetration Tester to support a full range of cyber security services on a long-term contract near Washington DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

Position Responsibilities:

  • Identify threat tactics, methodologies, gaps, and shortfalls.
  • Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).
  • Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise’s computer systems in software development.
  • Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
  • Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products comply with the organization's evaluation and validation requirements.
  • Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations.
  • Maintain baseline system security according to organizational policies.
  • Maintain database management systems software.
  • Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
  • Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
  • Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
  • Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.
  • Verify stability, interoperability, portability, and/or scalability of system architecture.
  • Work with stakeholders to resolve computer security incidents and vulnerability compliance.

Salary Range: $106,400 - $122,400

General Description of Benefits

Qualifications
  • Strong written and verbal communication skills.
  • Knowledge of capabilities and requirements analysis, cyber defense and vulnerability assessment tools and their capabilities, complex data structures, computer algorithms, programming principles, concepts and practices of processing digital forensic data.
  • Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • Plan and create penetration methods, scripts, and tests.
  • Understanding of incident categories, incident responses, and timelines for responses.
  • Experience with incident response and handling methodologies.
  • Carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security.
  • Network access, identity, and access management experience (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • In-depth understanding of network hardware devices and functions and network traffic analysis methods.
  • Knowledge of server diagnostic tools and fault identification techniques.
  • Simulate security breaches to test a system's relative security.

Certifications/Licenses:

  • Bachelor's degree or higher
  • 5+ years’ penetration testing experience as well as additional experience in network security, reverse engineering, programming, databases, mainframes, and web applications
  • One or more of the following certifications preferred:
      • Offensive Security Certified Professional (OSCP)
      • Certified Ethical Hacker (CEH) Certification
      • GIAC Penetration Tester (GPEN) Certification
  • Active Secret clearance or higher

October 16, 2025