Security Engineer - Penetration Tester

Rockville, MD

Posted: 07/30/2019 Employment Type: Contract Industry: IT Job Number: 230069


  • Analyze organization's cyber defense policies and configurations and evaluate risk and compliance with regulations and organizational directives.
  • Conduct/support/oversee authorized penetration testing on enterprise network assets.
  • Prepare and review reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
  • Perform risk analysis; measure effectiveness of controls against known vulnerabilities.
  • Work with stakeholders (system administrators and owners) to manage risks/vulnerabilities.
  • Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) impact/risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, supporting infrastructure, and applications).
  • Identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
  • Ensure remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.; provide clear updates to management on vulnerabilities; investigate, document, and report on status and emerging trends.
  • Maintain up-to-date vulnerability profiles, including respective detection and countermeasures.
  • Participate in industry task forces and working groups where appropriate to stay up to date on current and emerging vulnerabilities.


Must know
  • Risk management processes (e.g., methods for assessing, mitigating and accepting risks). 
  • Cybersecurity principles, security models, organizational requirements (w.r.t. confidentiality, integrity, availability, authentication, non-repudiation), cyber threats, risks and vulnerabilities, cryptography and cryptographic key management concepts, host/network access control mechanisms (e.g., ACLs), network access, identity, and access management (e.g., PKIs), computer networking concepts and protocols, and network security methodologies.
  • Ethical hacking principles, general attack stages; specific operational impacts of cybersecurity lapses; programming language structures and logic.
  • Basic system administration, network, and operating system hardening techniques.


Job Requirements
  • Minimum 5 years’ experience in at least 3 of the following:
  • Use of vulnerability management and Penetration Testing tools.
  • Metasploit Pro, Core Impact, OpenVAS, Burp Suite, Nmap, Sqlmap, etc.
  • Scripting using one or more of the following: Python, Ruby, Bash, C/C++, C#, or Java.
  • Establishing/improving PenTest policies, procedures, exceptions and operations.
  • Leading or participating in cross-functional efforts for managing organization-wide risks.
  • Collecting, analyzing, reporting and briefing discovered vulnerabilities.
  • Use of industry-standard and widely accepted pen-testing and analysis principles and methods.
  • BA or BS degree in MIS, CS, or related cybersecurity discipline (Masters preferred).

