Penetration Tester - Arlington, Virginia

Description · gTANGIBLE Corporation (gTC), , is a C corporation and a registered Government contractor that provides services and solutions in: · National Security Programs · Professional, Administrative, and Management Support · Mission and Warfighter Support · We are a Service- ...

Job description

Description

gTANGIBLE Corporation (gTC), , is a C corporation and a registered Government contractor that provides services and solutions in:

• National Security Programs
• Professional, Administrative, and Management Support
• Mission and Warfighter Support

We are a Service-Disabled Veteran-Owned Small Business (SDVOSB) and the founder has years of successful experience in the Government contracting arena. Our leadership team is an exceptional group of Government contracting professionals. gTANGIBLE is in the process of identifying candidates for the following position.

Requisition Type: Full Time

Position Status:  Contingent

Position Title: Penetration Tester

Location: Arlington, VA

Security Clearance:Secret

 

Duties and Responsibilities

The Penetration Tester supports this Transportation Security Administration Information Technology (TSA IT) Task Order (TO) by performing security attacks against all types of IT assets, and exploiting vulnerabilities found to determine if further reach within the engagement scope can be obtained. Provide final reports and presentations of the findings identified to personnel with a variety of technical knowledge to enable TSA IT management to make informed decisions about how to address the identified findings. Occasional off-hours testing and periodic travel required. Duties include the following:

•  Conducts penetration testing activities on TSA network.
• Engages with TSA stakeholders to tailor the Rules of Engagement and create test plans.
• Penetration testing will use both automated tools and manual techniques in order to identify vulnerabilities and exploit vulnerabilities.
• Analyzes and validates test results and generates final reports and presents findings to the TSA IT management to make informed decisions on how to address the identified findings. 
• Provides support, review, and recommendations of system security design, configuration, security findings, and data flow. 
• Conducts Participates with stakeholders regarding findings meetings and responses.
• Coordinates with the TSA Security Operations Center (SOC) to provide assistance with Security Information and Event Management (SIEM) detection content to improve the TSA SOC's ability to detect activities performed during testing engagements.
• Provides Product and Technology Evaluations (NPTE) on technologies that are used for screening operations at the airports. Evaluation of technologies proposed by the Innovation Task Force's Advancing the Checkpoint Environment (ACE), with Requirements and Capability Analysis (RCA) features, in support of the Acquisitions and Program Management (APM) teams in the Transportations Security Integration Facility (TSIF). 
• The overall functions include, Cybersecurity Requirements Determination, Scoping and Security Testing Strategy, Security Test Documentation, Security Testing, Analysis,  and Final Reporting with Findings Meetings.

Knowledge and Qualifications

• At least (12) years of technical IT security experience.
• At least (8) years of experience performing Penetration Testing.
• At least (5) years of experience performing Penetration Testing for Federal IT systems.
• Ability to work independently/minimal oversight.
• Experience using automated tools: Kali Linux, AppScan, BurpSuite, SOAPUI, AppDetective, Cobalt Strike, RedSeal, and Nessus.
• Experience with penetration testing methodologies including Open Source Intelligence, Discovery, Enumeration, Vulnerability Identification, Exploitation, and Post Exploitation techniques and tools.
• Experience with manual testing techniques.
• Required Certifications:  OSCP, CEH, GWAPT, CISSP or other equivalent.
• Experience with custom programming languages: Python, Perl, Powershell, etc.
• Fluent knowledge of NIST and FIPS security controls, DISA STIGs, and CIS standards.
• Fluent in the OWASP Top 10 weaknesses.
• Experience with switches, routers, firewalls, VPN, ISE; Palo Alto firewalls;, VPN; Load Balancers, AV, Host and Network based devices, and Enterprise Security Tools.
• Fluent TCP/IP, SMB, SSH, NetBios, SOAP, REST, LDAP, SAML, SSO.

gTANGIBLE Corporation is an equal opportunity employer and does not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, marital status, national origin, or political affiliation.