Security Engineer – Penetration Tester
The Security Engineer/Penetration Tester is responsible for identifying information security requirements, defining the security aspects of system architectures, determining testing requirements and methodologies, conducting analytical risk management activities related to the development of web applications and information systems, and conducting web applications security assessments including performance of system scans such as application scans and vulnerability scans. The Security Engineer will ensure documentation required for authorization packages is complete, current, and supports verification of the system security requirements. The Security Engineer is responsible for conducting information systems security testing and evaluation processes leading up to system authorization, recommending actions to mitigate findings, and producing needed documentation. The Security Engineer must make information security an integral part of the systems engineering and system acquisition process; provide effective security measures in support of customer mission needs; integrate the security disciplines to provide optimal information system security solutions and make the Security Engineer a key member of information technology management.
This is a government contract position that requires US Citizenship and ability to successfully obtain a Public Trust Clearance.
We are seeking Security Engineer/Penetration Tester candidates with the following relevant experience:
- Support the Enterprise IA Team through the application of expert penetration testing techniques, including internally and externally to identify Web application, system vulnerabilities, and test security controls in networked devices.
- Perform tests on targets, including Web servers, mail servers, wireless equipment, mobile devices and applications, Windows domain controllers, and Web applications hosted both internally and at vendor locations.
- Provide recommended controls and countermeasures to reduce risk. Work with internal and client-team administrators and developers to help them understand and implement server hardening and secure application development principles.
- Lead projects and assessments to successful resolution, provide guidance, and assist Governance team in learning information security testing techniques.
- Present findings and discuss concepts with stakeholders and management.
- Work in a hands-on and technical penetration testing position as well as Application Security tasks and work efforts.
- Perform NIST C & A tasks based on NIST 800-53 using the CSAM tool.
- 3+ years of experience with conducting Hands-On Web application penetration tests
- 3+ years of experience with the common penetration testing tools, including Metasploit, Nessus, nMap, AppScan, and BurpSuite
- 3+ years of experience with network penetration testing methods
- 3+ years of experience with writing testing assessment reports
- 2+ years of experience with programming and scripting in Python, Ruby, or Java
- Knowledge of TCP/IP protocols and networking architectures
- Experience with wireless LAN security, including testing methods and software
- Knowledge of Web applications, databases, and Web server design and implementation
- Knowledge of security development standards and projects, e.g. OWASP, NVD-CVE
- Knowledge of open security testing standards and projects, e.g. OWASP, NVD-CVE
- Possession of excellent oral and written communication skills
- HS diploma or GED required. BA or BS degree in Cyber Security or Information Security preferred.
OSCP, GIAC, GPEN, CEH, CASP, and GWAPT Certifications preferred.
ABSi Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, or national origin.
ABSi Corporation will take affirmative action to employ qualified employees and applicants who are disabled veterans, recently separated veterans, Armed Forces service medal veterans, and other protected veterans.
Regarding any position for which an applicant for employment is qualified, ABSi Corporation will not discriminate against any applicant because of physical or mental disability. ABSi Corporation will take affirmative action to employ qualified individuals with disabilities without discrimination based upon their physical or mental disability.