Job Description

(RIS) has an immediate job opening for a cleared Cyber Penetration Tester to support a U.S. Federal Agency contract to enable mission accomplishment by performing independent penetration testing to ensure appropriate security controls and safeguards are in place and function as intended for the designated systems. The penetration tests are conducted in accordance with NSA INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM), and includes discovery activities, attack planning, test execution, and detailed reporting on test scenarios, findings, and recommendations. Identify current and emerging threat trends, threat actors using a variety of cyber threat intelligence sources. Provide technical assessments of cyber threat actor use of cyber vulnerabilities, exploits, payloads, access infrastructures, and mission platforms. Conduct all-source research on cyber threat actors and intrusion sets (e.g., APTs); evaluate both technical and Intel reporting for cyber threat activities of interest. Engage in detailed analysis of incidents, threats, vulnerabilities, tactics, techniques and procedures (TTP), and other malicious and non-malicious indicators.

Location: (Rosslyn, VA)

Description: Conducts network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques. Perform vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Evaluates system security configurations. Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to determine both functionality and intent of software systems. Resolves and overcomes highly complex malware and intrusion issues. Contributes to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations. May prepare and present technical reports and briefings. May perform documentation, vetting and utilizing identified vulnerabilities for operational use.

Job Responsibilities:

Develop and maintain a multi-year schedule for penetration testing activities
Connect with and coordinate with third party organizations performing penetration testing for DS/CTS/CMO Connect with and coordinate with system owners to establish targets for testing, test schedule, test goals, and rules of engagement
Organize and lead efforts that document and design improvement strategies for discovered vulnerabilities and monitoring gaps
When authorized, exploit known vulnerabilities against Department systems in a controlled manner to ensure Department defenses can detect exploitation
Plan and coordinate Department participation in support of each specific penetration test
Design, perform and report on penetration testing of systems to satisfy the NIST 800-53 CA-8 security control and using methodologies that may include, NIST SP 800-115, Penetration Testing Execution Standard (PTES), and Information Systems Security Assessment Framework (ISSAF)
Cultivate reports and conduct management briefings on test activities, scenarios, results and recommendations
Stay abreast of current attack vectors and unique methods for exploitation of computer networks
Develop unique exploit code and attack vectors to conduct penetration tests
Render expertise and guidance to other cyber security programs regarding intrusion methods

Required Skills:

Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following: Understanding with computer intrusion analysis and incident response; Knowledge of Intrusion detection/protection systems; Understanding of network devices, multiple operating systems, and secure architectures; Working knowledge of network protocols and common services; System log analysis
Experience resolving situations caused by network attacks
Ability to assess information of network threats such as scans, computer viruses or complex attacks
Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk
Selects, installs, and configures security testing platforms and tools or develop tools and procedures for penetration tests
Engages in penetration testing using standard tools (Metasploit, Nmap, Nessus, Burp Suite, etc.)
SIEM content Analysis, Development and Testing
Experience with SIEMS (such as NetWitness, Splunk, SumoLogic, QRadar)
Experience with EDR solutions (Carbon Black, Crowdstrike, FireEye, SentinelOne)
Familiarity with : HTTP Headers & Status codes, SMTP Traffic & Status codes, FTP Traffic & Status Codes
Knowledge of and practical experience of integration of COTS or open source tools
Excellent interpersonal skills responsive to customer needs
Dedicated, persistent and determined; loves solving problems and puzzles; analytically rigorous; uncompromising integrity
Detail-oriented with demonstrated ability to document processes
Excellence with using MS Office
Flexible and able to work collaboratively across teams and physical locations
Adaptable and willing to work rotating shifts

Required Certifications:
Possess at least 1 IT certification such as:
Certified Information Systems Security Professional (CISSP)
GIAC Penetration Tester (GPEN)
GIAC Certified Incident Handler (GCIH)
GIAC Network Forensic Analyst (GNFA)
GIAC Intrusion Analyst (GCIA)

Desired Skills:
Experience working in any of the following: Security Operations Center (SOC); Network Operations Center (NOC); Computer Incident Response Team (CIRT)
Experience with RSA Netwitness, Splunk, FireEye NX, EX, HX, AX, Carbon Black Response, RSA Archer Experience with firewalls, routers or antivirus appliances
Experience working on a 24x7x365 environment
Experience with help desk tools
Working knowledge of WAN/LAN concepts and technologies

Desired Certifications:
Possess 1+ professional certification, such as:
GIAC Certified Enterprise Defender (GCED)
GIAC Security Expert (GSE)
Certified Information Security Manager (CISM)
Certified Ethical Hacker (CEH)
Global Industrial Cyber Security Professional (GICSP)
Certified SCADA Security Architect (CSSA)

Required Education:
BS Degree with in Computer Science/Electrical Engineering, Engineering, Science or a related field. Must have a minimum of 1+ years experience or equivalent education and experience.

*Must have an active TS with the ability to obtain TS/SCI clearance.

*Occasional travel within CONUS and OCONUS is required.

165682