Intermediate Penetration Tester
- Recruiter
- Chenega Corporation
- Location
- United States
- Salary
- Competitive
- Posted
- 25 Sep 2024
- Closes
- 23 Oct 2024
- Job Type
- Penetration Tester
- Employer Sector
- Technology, IT & Telecoms
- Contract Type
- Permanent
- Hours
- Full Time
Intermediate Penetration Tester
Hybrid Schedule: In person, in the Washington, DC office twice per week
Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer's core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large–scale government operations by leveraging cutting–edge technology and take your career to the next level!
Chenega Systems (CS) provides federal agencies empowered solutions in Cybersecurity and Data Visualization. Our Subject Matter Experts offer decades of experience working in the federal marketplace and the data visualization environment.
The SBA Office of the Chief Information Officer (CIO) Information Security Division (ISD) supports the mission of delivering cybersecurity, privacy, controlled unclassified information programs, and records management services throughout the U.S. Small Business Administration. At a high level, the SBA Information Technology (IT) ecosystem consists of one preponderant 20,000 node Multi–Protocol Label Switched (MPLS) infrastructure, two on–premises data centers, and approximately seventy smaller field offices; and additionally utilizes resources from numerous cloud providers.
The Intermediate Penetration Tester provides services related to penetration, offensive, and similar types of testing, including but not limited to, penetration testing (gray and black box), red team testing, static code analysis, dynamic code analysis, and Application Programming Interface (API) testing.
Responsibilities
Work you'll do
- Identify vulnerabilities and weaknesses within the systems, determine exposure and complexity of exploit
- Conduct continuous penetration testing of the enterprise IT environment
- Assess the effectiveness of security controls implemented to protect systems in support of the Authorization Process, Security Impact Analysis through Change Management and as required
- Mimic attacks of threat actors defined by the Cyber Threat Intelligence (CTI) Team to assess and improve IT system resilience, SOC monitoring effectiveness, and tuning of security tools
- Perform ad hoc, focused pen tests to validate the effectiveness of corrective actions taken to address identified weaknesses
- Perform Penetration Testing Services for any internal or public websites and associated systems
- Develop and execute plans that include penetration testing of all IT systems
- Validate remediations by re–testing all Critical and High findings identified through penetration testing
- Develop or adapt queries and/or scripts that test all APIs provided by the customer against the Open Web Application Security Project (OWASP) API Top Ten (or alternate criteria as specified)
- Perform network mapping, vulnerability scanning, and support phishing simulations as well as report findings and make remediation recommendations
- Develop Quarterly Penetration Testing Schedule and Annual Internal Penetration Testing Standard Operating Procedures (SOP)
- Other duties as assigned.
Qualifications
- BS degree in Cybersecurity or a related discipline
- 5+ years of experience in penetration testing and/or offensive security
- CompTIA PenTest+, CompTIA CySA+, EC–Council CEH or equivalent certification
- Background check
Knowledge, Skills, and Abilities:
- Experience assessing mobile devices (IOS, Android, Windows) such as iPhone, iPad, and other mobile devices, including mobile applications built to function on a mobile device.
- Experience assessing web applications and websites Application Programming Interfaces (APIs) during the API lifecycle.
- Experience assessing database applications or stored functions, database systems, database servers, and associated network links that validate the database security and verify the adversaries are not able to exploit vulnerabilities in the database to access or modify the data.
- Experience with source code analysis, identifying any vulnerabilities or weaknesses within the software.
How you'll grow
At Chenega MIOS, our professional development plan focuses on helping our team members at every level of their careers to identify and use their strengths to do their best work every day. From entry–level employees to senior leaders, we believe there's always room to learn.
We offer opportunities to help sharpen skills in addition to hands–on experience in the global, fast–changing business world. From on–the–job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their careers.
Benefits
At Chenega MIOS, we know that great people make a great organization. We value our team members and offer them a broad range of benefits.
Learn more about what working at Chenega MIOS can mean for you.
Chenega MIOS's culture
Our positive and supportive culture encourages our team members to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them be healthy, centered, confident, and aware. We offer well–being programs and continuously look for new ways to maintain a culture where we excel and lead healthy, happy lives.
Corporate citizenship
Chenega MIOS is led by a purpose to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our team members, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill–based volunteerism, and leadership to help drive positive social impact in our communities.