Principal Penetration Testing and Vulnerability Analysis
Principal Penetration Testing and Vulnerability Analyst
- A principal penetration and vulnerability analyst is required for a contract position in Arlington, VA.
- Lead Red Cell assessments
- Assess and enhance current processes for penetration testing and vulnerability assessment
- Recommend mitigation and remediation strategies based upon the class and category of vulnerability
- Performs Leadership Support and Penetration Testing on web and other applications, network infrastructure and operating system infrastructures.
- Briefs executive summary and findings to stakeholders to include Sr. Leadership
- Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
- Assesses the current state of the customer’ s system security by identifying all vulnerabilities and security measures.
- A great opportunity to lead an offensive cyber security team of penetration testers and ethical hackers for a prestigious government subcontractor
- Must show strong skills in Network and Web based Penetration Testing and be able to conduct Penetration Tests using Automated and Manual Methods
- Have an understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
- Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
- Must have solid working experience and knowledge of Windows and Unix/Linux operating system
- Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
- Strong familiarity with OWASP top 10, PTES and NIST 800-53.
- OSCP, GIAC GPEN, GWAPT or other Penetration Testing certifications
- Ability to perform static and/or dynamic code review.
- Familiarity with Cloud solutions and how to test their security (Amazon Web Services, Microsoft O365 and Azure, Google Cloud, etc.)
Duration: 6 months contract to hire
PLEASE NOTE: 3RD PARTIES/SUBCONTRACTORS/SUBCONTRACT AGENCIES ARE NOT ELIGIBLE FOR THIS POSITION. SUBCONTRACT AGENCIES NEED NOT APPLY.