Sr. Cloud Penetration Tester -Secret Required

Clearance Level
Secret
Category
Cyber Security
Location
Rosslyn, Virginia

REQ#: RQ100358

Travel Required: None
Requisition Type: Regular

Project Overview:

Provides Cloud Penetration testing and Vulnerability Analysis support to a cabinet level federal agency.  Contributes to a team of information assurance professionals working to improve the clients’ technical security posture.  Duties include planning and conducting penetration tests, writing reports, briefing event details to leadership, and coordinating remediation with personnel throughout the globe.

Must possess six (6) years of substantive IT knowledge and demonstrate hands-on expertise and/or training in areas of emerging cloud and mobile technologies. The focus of this position is on testing the security and implementation of GOV-Cloud systems (Amazon AWS, Google Cloud, and Microsoft Azure and O365, among others), assessing the risks inherent in a cloud implementation, and how that impacts the traditional “on premises” existing architecture.  The candidate must also have hands-on experience and expertise with ethical hacking, traditional penetration testing techniques, secure coding practices and threat modeling. Be a self-starter with, keen analytical skills, curiosity, agility, and adaptability. The ability to work quickly, willingness to work on ad hoc assignments, work independently as needed, strong written and verbal communication skills, and recognizing the importance of being a team player. In addition the candidate must possess the following skill set:

  • Able to conduct Penetration Tests and Vulnerability Analysis using Automated and Manual TTPs.
  • Have experience with common cloud implementations and their vulnerabilities
  • Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
  • Must be able to use at least two of the following proficiently and instruct others on them:  Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.  
  • Must have solid working experience and knowledge of Windows and Unix/Linux operating system
  • Firm understanding of network and system architecture and analysis. Fundamentals of network routing & switching, assessing network device configurations, and operating systems (Windows/*nix)
  • Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming  
  • Strong familiarity with at least one of the following: OWASP top 10, PTES and NIST 800-53.
  • Must be able to work alone or in a small group.

Daily Responsibilities:

  • Performs cloud and network penetration testing, application testing, source code reviews, threat analysis, and social-engineering assessments
  • Briefs executive summary and findings to stakeholders to include Sr. Leadership
  • Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
  • Assesses the current state of the customer’s system security by identifying all vulnerabilities and security measures.
  • Helps customer perform analysis and mitigation of security vulnerabilities.
  • Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
  • Provide support to incident response teams through capability enhancement and reporting.
  • Mentor Jr and Mid staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis.

Preferred but not absolutely required:

  • OSCP, GIAC GPEN, GWAPT  or other Penetration Testing certifications
  • CISSP
  • Certified Ethical Hacker

Required:

  • Must possess six (6) years of substantive IT knowledge and demonstrate hands-on expertise and/or training in areas of emerging cloud and mobile technologies
  • A Bachelor’s degree in Computer Science, Information Systems, Engineering, Telecommunications, or similar field required.  Master’s degree preferred
  • Secret Required/Top Secret preferred

This position requires being fully vaccinated against COVID-19 by December 8, 2021 or the start date, if after December 8.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.