The Washington House
Penetration Tester
The Washington House, Rockville, Maryland, US, 20849
Innovative, Secure, and Outcome-Based Solutions
Current Job Openings
A Penetration Tester job in Beltsville, MD is currently available through Belcan at one of our key Federal Civilian clients. To be considered for this role, you will have a bachelor's degree in cyber security or related field and 5 years of relevant experience.

The Penetration Tester will provide support for HVA Assessments using methodology by Cybersecurity and Infrastructure Security Agency (CISA) Assessment Evaluation and Standardization (AES) program with broad and in-depth knowledge to conduct offensive cyber operations across the organization globally. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective, and response controls across the global technology landscape.

The Penetration Tester will:
Conduct highly complex offensive security operations testing consistent with known adversary tactics, techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk.
Apply sound technical and management principles to identify and remediate cybersecurity vulnerabilities across the State Department global IT enterprise infrastructure.
Apply organizational and process change principles.
Evaluate system performance results, perform risk assessments, and evaluate performance metrics.

Responsibilities include:
Provide ad-hoc penetration testing and assessment services on Department of State systems identified by the leadership.
Develop, identify and resolve security vulnerabilities related to deployment and testing processes.
Streamline and optimize processes and procedures in order to rapidly remediate vulnerabilities from cybersecurity threats.
Collaborate with Department and external cyber stakeholders on cybersecurity technology implementations to meet specific operational needs.
Perform technical evaluations of recommended vulnerability mitigation actions and make recommendations based on impact and/or other countermeasures.
Develop strategies for CIC cyber defense technologies, ensuring integration and alignment for continued operation.
Conduct assessments of threats and vulnerabilities; determine deviations from acceptable configurations, enterprise, or local policy; assess the level of risk; and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations.
Network mapping, including but not limited to a network map of the organization's system that includes a visual representation of the organization's physical devices and digital network.
Perform operation and maintenance activities in support of existing CIC cyber tools and technologies (MSV, Qualys, Tenable Nessus and others).
Identify, diagnose, and prioritize anomalies in cyber defense infrastructure and resources.
Perform cybersecurity testing of developed applications and/or systems. Identify and direct the remediation of technical problems encountered during testing and implementation of new systems.
Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders.
Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing.
Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff.

Bachelor's and five (5) years or more experience; Master's and five (5) years or more experience; PhD or JD and five (5) years or more experience; 4-6+ years penetration testing experience.
A degree in CS or related field. Web application penetration testing, LPT, source code vulnerability analysis, serious problem-solving skills experience.
All penetration testers/operators must be DHS/CISA AES Qualified within 90 days of onboarding.
4 years Microsoft Operating Systems (OS) engineering and support experience focusing on Active Directory (AD), System Center Configuration Manager (SCCM), System Center Operations Manager (SCOM).
4-6 years network penetration testing experience.
In-depth experience in planning, implementing, and managing large/global enterprise infrastructures.
Familiarity with various analytical tools (Splunk, USBDeview, NetWitness, Mimikatz).
Understanding of Security Information and Event Management (SIEM) tools (Splunk, McAfee).
Familiarity with Cobalt Strike, Nessus, Kali Linux, Burp Suite, Nmap and OpenVAS for databases.
Knowledge of general attack stages.
Skill in the use of social engineering techniques and using penetration testing tools.
Familiarity with OMB, NIST, DHS, and related security guidelines and directives.
Interpersonal skills including the ability to collaborate effectively, and excellent written and oral communications.
Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Server/endpoint OS (Microsoft, Linux, IOS) along with mobile and cloud technologies.
Cloud application security, Vulnerability Management, and Security Information and Event Management capabilities.
Knowledge of identity and access management solutions (MFA, PKI, SAML, etc.).
Countermeasures / mitigations to identified cybersecurity risks.
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), domain name system, and directory services.
Ability to generate and implement capabilities to monitor organization's network in real-time.
Ability to provide Vulnerability Scanning Risk Assessment.
Information protection technologies (e.g., firewalls, antivirus, threat protection, servers, routers, and others as appropriate).
Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.).
Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.).
The ability to read and write assembly (x86 and ARM).
The ability to provide binary analysis tools and debuggers (IDA Pro, Ghidra, WinDbg, etc.).

LPT (Licensed Penetration Testers)
Microsoft Certifications (MCSE, MCSA, MCSD)
OSCP (Offensive Security Certified Professional)
ISACA Certified Information Systems Auditor (CISA)
SCP Security Certified Network Architect (SCNA)
ISACA Certified Information Security Manager (CISM)

We provide a competitive pay and benefits package. This position is offering a salary range of $140,000 - $150,000. Belcan considers several factors when extending an offer, including but not limited to education, experience, geographic location, and discipline. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

We are an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, or membership in any other group protected by federal, state, or local laws.