Iron Vine Security
Senior Penetration Tester
Iron Vine Security, Suitland, Maryland, United States, 20746
Job Requirements:
Strong written and verbal communication skills.Knowledge of capabilities and requirements analysis, cyber defense and vulnerability assessment tools and their capabilities, complex data structures, computer algorithms, programming principles, concepts and practices of processing digital forensic data.Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).Plan and create penetration methods, scripts and testsUnderstanding of incident categories, incident responses, and timelines for responses.Experience with incident response and handling methodologies.Carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in securityNetwork access, identity, and access management experience (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).Indepth understanding of network hardware devices and functions and network traffic analysis methods.Knowledge of server diagnostic tools and fault identification techniques.Simulate security breaches to test a system's relative securityCertifications/Licenses:
Bachelors degree or higher10+ years' penetration testing experience as well as additional experience in network security, reverse engineering, programming, databases, mainframes, web applicationsOne or more of the following certifications preferred:Offensive Security Certified Professional (OSCP)Certified Ethical Hacker (CEH) CertificationGIAC Penetration Tester (GPEN) CertificationActive TS/SCI clearance
Additional Experience Preferred:
Experience conducting vulnerability scans and recognizing vulnerabilities in security systems.Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).Skill in determining an appropriate level of test rigor for a given system.Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.Developing data dictionaries, data models, operations-based testing scenarios, security system access controls.Skill in mimicking threat behaviors, optimizing database performance, and performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).Experience identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).Collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.Setting up a forensic workstation and forensic tool suites (e.g., EnCase, Sleuthkit, FTK).Analyzing anomalous code as malicious or benign, volatile data.Interpreting results of debugger to ascertain tactics, techniques, and procedures.Skill in Regression Analysis (e.g., Hierarchical Stepwise, Generalized Linear Model, Ordinary Least Squares, Tree-Based Methods, Logistic).
Position Responsibilities:
Identify threat tactics, methodologies, gaps, and shortfalls.Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise's computer systems in software development.Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements.Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations.Maintain baseline system security according to organizational policies.Maintain database management systems software.Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.Verify stability, interoperability, portability, and/or scalability of system architecture.Work with stakeholders to resolve computer security incidents and vulnerability compliance.
Skills & Requirements QualificationsNOTES:
Iron Vine Security is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws.
Iron Vine Security is a federal contractor. As such, we are subject to an Executive Order requiring all employees of federal contractors to be fully vaccinated for COVID-19 by December 8, 2021. Therefore, by applying for this position, you understand that you will be required to verify that you have been, or will be, fully vaccinated by December 8, or to verify that you cannot be vaccinated due to a legally recognized exception to the vaccine mandate set forth in the Executive Order.
Note: An individual is not considered to be fully vaccinated until two weeks after receiving the second vaccine dosage in a vaccine regimen involving two vaccines.
Strong written and verbal communication skills.Knowledge of capabilities and requirements analysis, cyber defense and vulnerability assessment tools and their capabilities, complex data structures, computer algorithms, programming principles, concepts and practices of processing digital forensic data.Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).Plan and create penetration methods, scripts and testsUnderstanding of incident categories, incident responses, and timelines for responses.Experience with incident response and handling methodologies.Carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in securityNetwork access, identity, and access management experience (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).Indepth understanding of network hardware devices and functions and network traffic analysis methods.Knowledge of server diagnostic tools and fault identification techniques.Simulate security breaches to test a system's relative securityCertifications/Licenses:
Bachelors degree or higher10+ years' penetration testing experience as well as additional experience in network security, reverse engineering, programming, databases, mainframes, web applicationsOne or more of the following certifications preferred:Offensive Security Certified Professional (OSCP)Certified Ethical Hacker (CEH) CertificationGIAC Penetration Tester (GPEN) CertificationActive TS/SCI clearance
Additional Experience Preferred:
Experience conducting vulnerability scans and recognizing vulnerabilities in security systems.Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).Skill in determining an appropriate level of test rigor for a given system.Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.Developing data dictionaries, data models, operations-based testing scenarios, security system access controls.Skill in mimicking threat behaviors, optimizing database performance, and performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).Experience identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).Collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.Setting up a forensic workstation and forensic tool suites (e.g., EnCase, Sleuthkit, FTK).Analyzing anomalous code as malicious or benign, volatile data.Interpreting results of debugger to ascertain tactics, techniques, and procedures.Skill in Regression Analysis (e.g., Hierarchical Stepwise, Generalized Linear Model, Ordinary Least Squares, Tree-Based Methods, Logistic).
Position Responsibilities:
Identify threat tactics, methodologies, gaps, and shortfalls.Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise's computer systems in software development.Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements.Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations.Maintain baseline system security according to organizational policies.Maintain database management systems software.Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.Verify stability, interoperability, portability, and/or scalability of system architecture.Work with stakeholders to resolve computer security incidents and vulnerability compliance.
Skills & Requirements QualificationsNOTES:
Iron Vine Security is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws.
Iron Vine Security is a federal contractor. As such, we are subject to an Executive Order requiring all employees of federal contractors to be fully vaccinated for COVID-19 by December 8, 2021. Therefore, by applying for this position, you understand that you will be required to verify that you have been, or will be, fully vaccinated by December 8, or to verify that you cannot be vaccinated due to a legally recognized exception to the vaccine mandate set forth in the Executive Order.
Note: An individual is not considered to be fully vaccinated until two weeks after receiving the second vaccine dosage in a vaccine regimen involving two vaccines.