Sev1Tech
Vulnerability Analyst and PenTester Lead - Sr.
Sev1Tech, Washington, District of Columbia, us, 20022
Overview/ Job Responsibilities
Sev1Tech is looking for a Vulnerability Analyst/PenTester Lead to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The contract will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support. Work will be executed in the National Capital Region, in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S and occasionally OCONUS.
Responsibilities include but are not limited to:
Conduct Vulnerability Assessment scans for Headquarters and Subscriber systems and networks to identify potential computer security vulnerabilities, risks, and threatsOperate, and maintain assessments and the resulting Vulnerability Assessment data and reportsSupport the NOSC enclave, HSEN, and Redundant TICs through the conduct of scheduled and ad-hoc vulnerability assessment scanning.Scanning shall include:
Host-based and vulnerability assessmentsNetwork vulnerability assessmentsDatabase vulnerability assessmentsWeb-based vulnerability assessmentsCloud-based vulnerability assessments
Employ ad-hoc or emergency vulnerability scanning to support targeted incident investigation, escalation, and emergency response to security events in accordance with documented proceduresCoordinate with Component security staff to explain findings, provide recommendations on mitigations, and advocate for mitigation of vulnerabilitiesConduct High Value Asset assessments and penetration tests and conduct or assist with penetration tests as requested by Components, System Owners, Information System Security Managers, or Information System Security Officers in support of Security Controls Assessments, continuous monitoring, and FISMA requirementsProvide penetration testing summary reports, in accordance with the signed Rules of Engagement (ROE) document, to the appropriate System Owner/ISSM/ISSO, Government lead, DHS Program Manager and document the findingsPrepare and submit security testing Rules or Engagement (ROE) for High Value Assets (HVA), Internal & External Threat Assessments, prior to conducting penetration testing and ensure that the ROE provide the operational security controls to protect both the system and networkMinimum Qualifications
BA or BS degree in Information Technology, Computer Science, or related degreeAt least eight (8) years experience performing cybersecurity workAt least six (6) years of experience providing vulnerability assessment and PenTesting services to federal customersExperience with host-based and vulnerability assessments; Network vulnerability assessments; Database vulnerability assessments; Web-based vulnerability assessments;and Cloud-based vulnerability assessmentsIn-depth knowledge of security frameworks, standards, and best practicesProficiency in using security platforms and tools for assessment and testing purposes including some or all of the following:
Astra SecurityRapid 7/Metasploit ProCobaltGitHub NiktoOWASP ZAPWiresharkOnSecurityTenable/NessusW3AFNMapBurpSuiteQualys Cloud PlatformKali Linux
Working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common Internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)Strong analytical and problem-solving skillsExcellent communication and collaboration abilitiesOne or more of the following Certifications:
Certified Ethical Hacker (CEH)Licensed Penetration Tester Master (LPT)Offensive Security Certified Professional (OSCP)GIAC Penetration Tester (GPEN) CertificationGIAC Exploit Researcher and Advanced Penetration Tester (GXPN) CertificationCompTIA PenTest+
Clearance Requirement: Public Trust clearance or higher; Public Trust clearance with Dept of Homeland Security (DHS) or Customs & Border Protection preferredDesired Qualifications
DHS experienceDoD and or Intel Community experience
About Sev1Tech LLC
Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country.
Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech
For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com
Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Sev1Tech is looking for a Vulnerability Analyst/PenTester Lead to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The contract will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support. Work will be executed in the National Capital Region, in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S and occasionally OCONUS.
Responsibilities include but are not limited to:
Conduct Vulnerability Assessment scans for Headquarters and Subscriber systems and networks to identify potential computer security vulnerabilities, risks, and threatsOperate, and maintain assessments and the resulting Vulnerability Assessment data and reportsSupport the NOSC enclave, HSEN, and Redundant TICs through the conduct of scheduled and ad-hoc vulnerability assessment scanning.Scanning shall include:
Host-based and vulnerability assessmentsNetwork vulnerability assessmentsDatabase vulnerability assessmentsWeb-based vulnerability assessmentsCloud-based vulnerability assessments
Employ ad-hoc or emergency vulnerability scanning to support targeted incident investigation, escalation, and emergency response to security events in accordance with documented proceduresCoordinate with Component security staff to explain findings, provide recommendations on mitigations, and advocate for mitigation of vulnerabilitiesConduct High Value Asset assessments and penetration tests and conduct or assist with penetration tests as requested by Components, System Owners, Information System Security Managers, or Information System Security Officers in support of Security Controls Assessments, continuous monitoring, and FISMA requirementsProvide penetration testing summary reports, in accordance with the signed Rules of Engagement (ROE) document, to the appropriate System Owner/ISSM/ISSO, Government lead, DHS Program Manager and document the findingsPrepare and submit security testing Rules or Engagement (ROE) for High Value Assets (HVA), Internal & External Threat Assessments, prior to conducting penetration testing and ensure that the ROE provide the operational security controls to protect both the system and networkMinimum Qualifications
BA or BS degree in Information Technology, Computer Science, or related degreeAt least eight (8) years experience performing cybersecurity workAt least six (6) years of experience providing vulnerability assessment and PenTesting services to federal customersExperience with host-based and vulnerability assessments; Network vulnerability assessments; Database vulnerability assessments; Web-based vulnerability assessments;and Cloud-based vulnerability assessmentsIn-depth knowledge of security frameworks, standards, and best practicesProficiency in using security platforms and tools for assessment and testing purposes including some or all of the following:
Astra SecurityRapid 7/Metasploit ProCobaltGitHub NiktoOWASP ZAPWiresharkOnSecurityTenable/NessusW3AFNMapBurpSuiteQualys Cloud PlatformKali Linux
Working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common Internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)Strong analytical and problem-solving skillsExcellent communication and collaboration abilitiesOne or more of the following Certifications:
Certified Ethical Hacker (CEH)Licensed Penetration Tester Master (LPT)Offensive Security Certified Professional (OSCP)GIAC Penetration Tester (GPEN) CertificationGIAC Exploit Researcher and Advanced Penetration Tester (GXPN) CertificationCompTIA PenTest+
Clearance Requirement: Public Trust clearance or higher; Public Trust clearance with Dept of Homeland Security (DHS) or Customs & Border Protection preferredDesired Qualifications
DHS experienceDoD and or Intel Community experience
About Sev1Tech LLC
Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country.
Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech
For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com
Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.