Vulnerability Analyst and PenTester Lead with Security Clearance - Washington, DC, United States - Sev1Tech

    Sev1Tech
    Sev1Tech Washington, DC, United States

    2 weeks ago

    Default job background
    Technology / Internet
    Description
    Overview/ Job Responsibilities Sev1Tech is looking for a Vulnerability Analyst/PenTester Lead to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety
    The contract will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support

    Work will be executed in the National Capital Region, in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.

    S and occasionally OCONUS

    Responsibilities include but are not limited to:

    • Conduct Vulnerability Assessment scans for Headquarters and Subscriber systems and networks to identify potential computer security vulnerabilities, risks, and threats
    • Operate, and maintain assessments and the resulting Vulnerability Assessment data and reports
    • Support the NOSC enclave, HSEN, and Redundant TICs through the conduct of scheduled and ad-hoc vulnerability assessment scanning.

    Scanning shall include:

    • Host-based and vulnerability assessments
    • Network vulnerability assessments
    • Database vulnerability assessments
    • Web-based vulnerability assessments
    • Cloud-based vulnerability assessments
    • Employ ad-hoc or emergency vulnerability scanning to support targeted incident investigation, escalation, and emergency response to security events in accordance with documented procedures
    • Coordinate with Component security staff to explain findings, provide recommendations on mitigations, and advocate for mitigation of vulnerabilities
    • Conduct High Value Asset assessments and penetration tests and conduct or assist with penetration tests as requested by Components, System Owners, Information System Security Managers, or Information System Security Officers in support of Security Controls Assessments, continuous monitoring, and FISMA requirements
    • Provide penetration testing summary reports, in accordance with the signed Rules of Engagement (ROE) document, to the appropriate System Owner/ISSM/ISSO, Government lead, DHS Program Manager and document the findings
    • Prepare and submit security testing Rules or Engagement (ROE) for High Value Assets (HVA), Internal & External Threat Assessments, prior to conducting penetration testing and ensure that the ROE provide the operational security controls to protect both the system and network Minimum Qualifications
    • BA or BS degree in Information Technology, Computer Science, or related degree
    • At least eight (8) years experience performing cybersecurity work
    • At least six (6) years of experience providing vulnerability assessment and PenTesting services to federal customers
    • Experience with host-based and vulnerability assessments; Network vulnerability assessments; Database vulnerability assessments; Web-based vulnerability assessments;and Cloud-based vulnerability assessments
    • In-depth knowledge of security frameworks, standards, and best practices
    Proficiency in using security platforms and tools for assessment and testing purposes including some or all of the following:


    • Astra Security
    • Rapid 7/Metasploit Pro
    • Cobalt
    • GitHub Nikto
    • OWASP ZAP
    • Wireshark
    • OnSecurity
    • Tenable/Nessus
    • W3AF
    • NMap
    • BurpSuite
    • Qualys Cloud Platform
    • Kali Linux
    • Working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g
    TCP, UDP, ICMP, BGP, MPLS, etc.) and common Internet applications and standards (e.g
    SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)


    • Strong analytical and problem-solving skills
    • Excellent communication and collaboration abilities

    One or more of the following Certifications:

    • Certified Ethical Hacker (CEH)
    • Licensed Penetration Tester Master (LPT)
    • Offensive Security Certified Professional (OSCP)
    • GIAC Penetration Tester (GPEN) Certification
    • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Certification
    • CompTIA PenTest+

    Clearance Requirement:
    Public Trust clearance or higher; Public Trust clearance with Dept of Homeland Security (DHS) or Customs & Border Protection preferred Desired Qualifications


    • DHS experience
    • DoD and or Intel Community experience About Sev1Tech LLC Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery
    Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients
    Our Mission is to Build better companies
    Enable better government
    Protect our nation
    Build better humans across the country
    Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression
    Please apply directly through the website at: #joinSev1tech For any additional questions or to submit any referrals, please contact: Sev1Tech is an Equal Opportunity and Affirmative Action Employer

    All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.