Competitive Innovations, LLC is seeking an experience penetration tester and assessment lead to support a major federal customer. The position is responsible for leading a small team of information assurance professionals working to improve the customers’ technical security posture. The position works closely with the Red Cell Team Lead to provide support on and/or lead assessments from beginning to completion including meeting with systems owners, scoping assessments, delivery of assessment reports, briefing system owners and stake holders. The position is also responsible for coordinating with government leads to plan assessments, manage customer expectations, and promote process improvement. Duties include planning and leading security assessments, writing reports, briefing event details to leadership, and coordinating remediation with personnel throughout the globe.
- Lead Red Cell assessments
- Assess and enhance current processes for penetration testing and vulnerability assessment
- Recommend mitigation and remediation strategies based upon the class and category of vulnerability
- Performs Leadership Support and Penetration Testing on web and other applications, network infrastructure and operating system infrastructures.
- Briefs executive summary and findings to stakeholders to include Sr. Leadership
- Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
- Assesses the current state of the customer’s system security by identifying all vulnerabilities and security measures.
- Helps customer perform analysis and mitigation of security vulnerabilities.
- Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
- Provide support to incident response teams through capability enhancement and reporting.
- Provide mentoring and guidance to junior, mid, and senior staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis.
- Secret level security clearance required to start; Top Secret eligible/preferred
- Bachelor’s Degree in technical discipline, preferred
- 8+ years of substantive IT knowledge including two 2 years of hands-on Penetration Testing experience
- Experience leading a team of penetration testers/vulnerability analysts and leading security assessments
- Experience and demonstrated expertise with ethical hacking, firewall and intrusion detection/prevention technologies, risk assessments, secure coding practices or threat modeling.
- Strong written and verbal communication skills
- Strong skills in Network and Web based Penetration Testing and ability to conduct Penetration Tests using Automated and Manual Methods
- Understanding of Web Application vulnerabilities such as SQLi, XSS, CSRF, and HTTP Flooding.
- Knowledge of two or more of the following and ability to train others: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
- Working experience and knowledge of Windows and Unix/Linux operating system
- Proficient scripting skills(Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
- Strong familiarity with OWASP top 10, PTES and NIST 800-53.
- Demonstrated ability to mentor and train junior team members
- Firm understanding of network and system architecture and analysis. Fundamentals of network routing & switching, vulnerability management, assessing network device configurations, and operating systems (Windows/*nix)
- Preferred Certifications: CISSP; OSCP, GIAC GPEN, GWAPT or other Penetration Testing certifications; CEH
Competitive Innovations (CI) is a solutions provider to government and industry, headquartered in Arlington, Virginia. CI serves customers with critical requirements – including national and cyber security -- in information technology, management, mission support, training, and web solutions. Founded in July 1999, CI is committed to the core values of integrity and service. CI is a small business concern, Microsoft Gold Certified Partner, and Kentico Gold Partner proudly serving both public and private sector customers. All qualified applicants receive consideration for employment without regard to race, color, age, religion, sex (including pregnancy), sexual orientation, gender identity, national origin, disability or military/veteran status.