Penetration Testing Lead

Summary

Title:Penetration Testing Lead

ID:374

Department:Cybersecurity

Location:Falls Church, VA

Description

PENETRATION TESTER/CYBER ENGINGEER Serves as the technical lead and primary Point of Contact for all penetration testing conducted under the contract. Ensures all contract penetration testing work and output meets contract requirements, follows applicable standards and guidelines, and is completed according to the overall project plan and schedule. Must attend all Program Management Reviews and be able to report on the status of all penetration testing activities and issues. Responsible for the successful completion of multiple penetration testing exercises. ​ Performs penetration testing of the ATO NAS security posture to provide detailed analysis and identification of application, system, and network vulnerabilities; gaps in IT security guidance, and assessment of patching/mitigation methodologies. Will act as Ethical white hat attacker (red teamer) to simulate cyber attacks, and/or Defensive cybersecurity personnel (blue teamer) to harden against simulated attacks. Develops and prepares penetration testing Rules of Engagement, test plans, and reports. Provides recommended remediation actions to lower overall risk exposure, as required. Provides technical expertise on penetration testing tools and simulation environment

Qualifications:

• Educational Requirements: Bachelors Degree in Cyber Security, Computer Science, Information Technology, Engineering, Mathematics, or Physics. (Desired)

• 6 years’ experience related to the work/responsibilities outlined in the Position Description above

• Minimum of five years penetration testing

• At least 2 years of the relevant experience must be recent, i.e. performed within the last 3 years

• One or more of the following certifications are required:

• Offensive Security Certified Professional (OSCP)

• Offensive Security Certified Expert (OSCE)

• Offensive Security Wireless Professional (OSWP)

• Offensive Security Web Expert (OSWE)

• Certified Ethical Hacker (CEH)

• EC-Council Certified Security Analyst (ECSA)

• Certified Ethical Hacker (CEH) Practical

• EC-Council Certified Security Analyst (ECSA) Practical

• Licensed Penetration Tester (LPT) Master

• Certified Incident Handler (GCIH)

• Penetration Tester (GPEN)

• Web Application Penetration Tester (GWAPT)

• Exploit Researcher and Advanced Penetration Tester (GXPN)

• Assessing and Auditing Wireless Networks (GAWN)

OR

• Penetration Testing - Blue Teaming- Two or more of the following certifications are required.

• Certified Network Defender (CND)

• Certified Network Defense Architect (CNDA)

• Certified Incident Handler (GCIH)

• Certified Intrusion Analyst (GCIA)

• Defending Advances Threats (GDAT)

• Defensible Security Architecture (GDSA)

• Certified Enterprise Defender (GCED)