Penetration Tester
Veris Group - Vienna, VA

This job posting is no longer available on Veris Group. Find similar jobs: Penetration Tester jobs - Veris Group jobs

Veris Group, LLC is a management and technology services firm and accredited FedRAMP 3PAO with a core focus on providing information assurance and cybersecurity consulting services to government and commercial organizations. We currently have immediate openings for experienced Penetration Testers in the DC Metro Area. The ability to travel up to 30% for client engagements and to work outside of standard work hours as required for client engagements is required. The following security clearance statuses are acceptable: Clearable, Public Trust, Secret, and Top Secret.

Summary of Duties:
  • Work as part of a vulnerability assessment and/or penetration testing team, taking direction from team lead(s) and executing directives in a thorough and timely fashion
  • Conduct vulnerability assessments on a wide variety of technologies and implementations utilizing both automated tools and manual techniques
  • Conduct network penetration tests
  • Conduct application penetration tests (web and thick client)
  • Conduct wireless security assessments
  • Conduct social engineering assessments
  • Conduct physical security assessments
  • Train others on the use of vulnerability assessment and penetration testing techniques and tools
  • Effectively communicate successes and obstacles with fellow team members and team lead(s)
  • Interface with client contact(s) and staff in a constructive and professional manner
  • Develop subject matter expertise in topics to include: network, database, wireless and application security assessments and adversarial network operations
  • Utilize common vulnerability assessment and penetration testing tools

Education/Certification Requirements:

Required
  • Bachelor’s degree in relevant IT field (IS, CS, etc…) for candidates with two (2) years of experience
  • Associate’s degree in relevant IT field (IS, CS, etc…) with a GIAC or OSCP certification for candidates with three (3) years of experience
  • a GIAC AND a OSCP certification for candidates with four (4) years of experience

Desired
  • Bachelor’s degree in relevant IT field (IS, CS, etc…) a GIAC or OSCP certification
  • Current CISSP certification
Required Skills
  • Ability to communicate effectively with team members, managers and customers
  • Demonstrable aptitude for technical writing, including assessment reports, presentations and operating procedures
  • Good understanding of port numbers, services, protocols, TCP-IP stack, OSI-Model
  • Understanding of security principles, policies, and industry best practices
  • Competence with Microsoft Word, Excel, and PowerPoint
  • Working knowledge of at least one programming or scripting language
  • Demonstrable aptitude with vulnerability scanning, network and application penetration techniques and tools

Desired Skills:
  • Familiarity with common penetration testing methodologies such as the OSSTMM, OWASP Testing Guide and the PTES
  • Ability to demonstrate excellent technical writing and presentation skills. Ability to effectively communicate and defend findings with customer senior management
  • Familiarity with web application concepts, such as JavaScript, XML, SOAP, REST, AJAX, etc…
  • Working knowledge of several scripting and programing languages and secure development lifecycle concepts
  • Working knowledge of Federal and industry information security regulations (FISMA, PCI, etc…) and accreditation and auditing practices
Required Experience
  • Two (2) years of experience in the IT industry (system administration, software development, etc…)
  • Demonstrable technical experience with UNIX/Linux and Windows operating systems, major network devices (Cisco, etc…) and at least one type of database

Desired Experience:
  • Two (2) years of experience in the information security industry, particularly with vulnerability assessments and penetration testing
  • Demonstrable experience with common network vulnerability assessment techniques and tools such as: Nmap, Nessus, Nexpose , Qualys, AppDetective, etc…
  • Demonstrable experience with application security assessment techniques and tools, such as: Webinspect, AppScan, Nikto, Burp Suite Pro, ZAP, etc…
  • Demonstrable experience with penetration testing techniques and tools, such as: Cobalt Strike, Metasploit Framework, Core Impact Pro, Immunity Canvas, Armitage, Social Engineering Toolkit, etc…
  • Demonstrable technical experience with NIDS/HIDS, network and application firewalls, proxies and other information security products