Engineering and Software Development - Penetration Tester /
Full Time
The Remote Penetration Testing (RPT) is a thorough assessment of a customer's external facing infrastructure. It includes but is not limited to a very thorough, hands-on Web Application test, security tests against internet-accessible network assets, phishing payload testing and open source intelligence gathering. At the conclusion of the assessment, the customer is provided a report with any external vulnerabilities found. RPT uses a dedicated remote team to assess and identify vulnerabilities and work with customers to eliminate exploitable pathways. RPTs are similar to Risk and Vulnerability Assessments but focus only on externally accessible systems with a tradeoff made for more service capacity at the expense of assessment scope.
Position Responsibilities Include:
Knowledge of script writing and crafting of payloads
Knowledge of database operations and system/network administration
In-depth knowledge and understanding of operation of assessment tools (including but not limited to Metasploit, Nmap, Burp Suite, Powersploit, and Cobalt Strike)
Ability to operate in a critical fashion in dynamic environments
Knowledge of FISMA and NIST 800 series standards
In-depth knowledge of network mapping, vulnerability scanning, penetration testing, and Web Application testing
In-depth knowledge of the procedures of Phishing Assessments, Wireless Assessments, Operating System Security Assessments, and Database Assessments
Required Qualifications:
Bachelor's Degree and 4-6 years' work experience or equivalent experience
At least one related industry certification (OSCP, OSCE, GPEN, GXPN, or equivalent).
Ability to obtain Public Trust approval and DHS Suitability (EOD)
MUST BE WILLING TO TRAVEL up to 50% per month
Experience with coordinating assessment equipment, including ensuring images on assessment equipment are up to date, equipment transport, setup and tear-down of equipment on-site, and general maintenance
Experience operating assessment tools in accordance with VM Assessment Standard Operating Procedures
Experience developing documentation and reporting (ex. Assessment report)
Desired Qualifications:
Ability to obtain TS/SCI and DHS EOD
Deep understanding of the methodology associated with penetration testing, such as creating Rules of Behavior, selection of pen testing team, and have a developed tool kit.
Cloud experience a plus! (AWS or Azure)
ANY OF THE BELOW CREDENTIALS ARE A PLUS!
Licensed Penetration Tester (LPT) Master
Offensive Security Certified Professional (OSCP)
Certified Ethical Hacker (CEH)
IACRB Certified Expert Penetration Tester (CEPT)
IACRB Certified Expert Penetration Tester (CPT)
Certified Red Team Operations Professional (CRTOP)
CompTIA's PenTest+
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); and/or
GIAC Penetration Tester (GPEN)
EEO Statement AnaVation is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.