CND – Penetration Tester – Multiple Openings
Website Applied Network Solutions, Inc.
Responsible for conducting a holistic evaluation of a system or application; analyzing, evaluating and identifying vulnerabilities and zero days and developing exploits to take advantage of these identified security flaws. Conducting penetration testing, reverse engineering and development of code/scripts to leverage attack vectors; conduct vulnerability and compliance assessments on Windows and UNIX/Linux hosts; identifying vulnerabilities, analyzing results, manually verifying findings to eliminate false positives or negatives, and capturing artifacts to provide evidence of exploitable vulnerability
- Utilize intimate familiarity with operating from the UNIX/Linux command line.
- Successfully execute network mapping to identify live hosts and active ports, protocols and services (PPS) and analyze the results of NMAP data to identify risky PPS.
- Conduct vulnerability and compliance assessments on AF/DoD systems for Cyber Vulnerability Assessments (CVA); upon demonstrated ability and customer acceptance, conduct penetration test activities; familiarity with Wireshark/TCP Dump and common network vulnerability and compliance scanners such as Nessus, Nexpose, SCAP Compliance Checker, etc., beneficial.
- Methodically analyze problems, identify solutions and remain composed in potentially stressful situations.
- Adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability.
- Assist customer with implementing policies and tactics, techniques and procedures for conducting assessments.
- Exhibit good writing and communications skills, to include the ability to render concise reports, summaries and formal oral presentations.
- Understand and be proficient in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
- Must have an active TS/SCI clearance.
- Must possess or be willing to obtain a DoD 8570 IAT Level 3 (CISSP, CASP, etc.) certification and a penetration test certification (i.e., GPEN, GXPN, GWAPT) within 6 months.
- Minimum Bachelor’s degree and 2 years’ experience; Associates degree with 4 years’ experience or 6 years equivalent experience without a degree; degrees focused on engineering or applied science.
- Experience in working with and in a network systems security environment with a focus on security and information assurance (5 years).
- Must have thorough knowledge of common network ports and protocols.
- Strong knowledge of Windows® Internals, Windows® Application Programming Interfaces (API), Portable Executable (PE) formats, Windows® Registry, and security models.
- Experience with Bash and Power Shell.
- Experience in one of the following scripting languages: Perl, Python or Ruby is required.