Penetration Tester

Penetration Tester

Vacancy expired!

Description

Job Description:

This person will work on a team of cyber SMEs providing support to the DHS ICE SOC Support Services Program.

Department of Homeland Security (DHS), Immigration Customs Enforcement (ICE) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain and eradicate cyber threats to ICE networks through monitoring, intrusion detection and protective security services to ICE information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The ICE SOC is responsible for the overall security of ICE Enterprise-wide information systems, and collects, investigates and reports any suspected and confirmed security violations.

The ICE SOC Program has a critical need for a Penetration Tester to join our team working in Washington DC

Primary Responsibilities

Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies.

Perform web app pentests

Perform vulnerability risk assessment

Perform physical pentests and social engineering

Perform cyber incident response as needed for programs

Qualifications

A minimum of an active Secret clearance (and be able to obtain a DHS ICE EOD to support this program.)

• Requires BS degree and 8 12 years of prior relevant experience or Masters with 6 10 years of prior relevant experience.
• Three (3) years of pen test experience
• Knowledge of red, blue, and purple team assessments
• Experience with OSSTMM, OWASP, NIST, PTES, ISSAF methodologies
• Experience with a variety of toolsets for gathering information and conduct comprehensive penetration tests
• Must have at least a CEH, PenTest+, or GPEN certification

Preferred Qualifications

• Extensive experience performing IT security risk assessments
• Experience with programming/scripting in Python, Powershell, Ruby, C, JavaScript, etc
• Experienced with the following Web Application tools; Burp Suite, Web Inspect, Appdetective
• Experienced with Kali
• Experienced with IPS/IDS solutions
• Understanding for the Cyber Kill Chain methodology

Prefer any of the following certifications:

• GIAC Web Applications Penetration Tester (GWAPT)
• Certified Information Security Manager (CISM)
• Certified Web Application Defender (GWEB)
• Certified Information System Security Professional (CISSP)
• GIAC Exploit Researcher and Advanced Penetration (GXPN)
• Offensive Security Certified Professional (OSCP)
• Certified Red Team Operations Professional (CRTOP)
• Certified Mobile and Web App Penetration Tester (CMWAPT)
• Certified Expert Penetration Tester (CEPT)
• Certified Penetration Tester (CPT)
• Licensed Penetration Tester (LPT)

External Referral Bonus:
Eligible

External Referral Bonus $:
5000

Potential for Telework:
No

Clearance Level Required:
Secret

Travel:
No

Scheduled Weekly Hours:
40

Shift:
Day

Requisition Category:
Professional

Job Family:
Cyber Operations

Pay Range: