Principal - Penetration Testing and Vulnerability Analysis (Active Secret Required)

Clearance Level
Secret
Category
Cyber Security
Location
Rosslyn, Virginia

REQ#: RQ39209

Provides Penetration testing and assessment lead support to a cabinet level federal agency. As a Principal Penetration Tester the candidate will lead a small team of information assurance professionals working to improve the customers’ technical security posture. The candidate will work closely with the Red Cell Team Lead to provide support on and/or lead assessments from beginning to completion including meeting with systems owners, scoping assessments, delivery of assessment reports, briefing system owners and stake holders.

Coordinates with government leads to plan assessments, manage customer expectations, and promote process improvement. Duties include planning and leading security assessments, writing reports, briefing event details to leadership, and coordinating remediation with personnel throughout the globe.

Overview of Responsibilities:

  • Lead  Red Cell assessments
  • Assess and enhance current processes for penetration testing and vulnerability assessment
  • Recommend mitigation and remediation strategies based upon the class and category of vulnerability
  • Performs Leadership Support and Penetration Testing on web and other applications, network infrastructure and operating system infrastructures.
  • Briefs executive summary and findings to stakeholders to include Sr. Leadership
  • Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
  • Assesses the current state of the customer’s system security by identifying all vulnerabilities and security measures.
  • Helps customer perform analysis and mitigation of security vulnerabilities.
  • Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
  • Provide support to incident response teams through capability enhancement and reporting.
  • Provide mentoring and guidance to junior, mid, and senior staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis.
  • Must show strong skills in Network and Web based Penetration Testing and be able to conduct Penetration Tests using Automated and Manual Methods
  • Have an understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
  • Must be able to use at least two of the following proficiently and instruct others on them:  Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.  
  • Must have solid working experience and knowledge of Windows and Unix/Linux operating system
  • Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming 
  • Strong familiarity with OWASP top 10, PTES and NIST 800-53.
  • A demonstrated ability to mentor and train junior team members
  • Firm understanding of network and system architecture and analysis. Fundamentals of network routing & switching, vulnerability management, assessing network device configurations, and operating systems (Windows/*nix)
  • Must be able to work alone or in a small group.

Optional Skills:

  • Ability to perform static and/or dynamic code review.
  • Familiarity with Cloud solutions and how to test their security (Amazon Web Services, Microsoft O365 and Azure, Google Cloud, etc.)

DESIRED QUALIFICATIONS: Bachelor’s Degree or equivalent work experience. Must possess eight (8) years of substantive IT knowledge including two (2) years of hands-on Penetration Testing experience, and demonstrate hands-on expertise and/or training in areas of emerging technologies. Primarily, the candidate must have experience leading a team of penetration testers/vulnerability analysts and lead security assessments including provide guidance and mentoring to junior, mid, and senior team members. Secondarily, the candidate should have hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, risk assessments, secure coding practices or threat modeling. Be a self-starter with, keen analytical skills, curiosity, agility, and adaptability. The ability to work quickly, willingness to work on ad hoc assignments, work independently as needed, strong written and verbal communication skills, and recognizing the importance of being a team player. 

Certifications:
Required:
•    CISSP
Preferred but not absolutely required:
•    OSCP, GIAC GPEN, GWAPT  or other Penetration Testing certifications
•    Certified Ethical Hacker

#CSOSFeaturedArticle

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.