Cyber Security - Senior Penetration Tester - Reston. VA

Position Description    

Seeking a Penetration Tester to perform external network-level testing against company assets to include black-box testing with no prior knowledge of systems as well as white-box testing with complete knowledge of systems. The position is located in our Reston, VA office. Internal network-level testing will be performed on internal networks and systems. Application-level testing to involve analysis of application to identify vulnerabilities created through maintenance, configuration or architectural issues, using unauthenticated and authenticated perspectives. Extrusion testing will be done to determine how easily sensitive information can be pushed from the inside out testing DLP systems, proxies and security monitoring. Assigned tasks may include: · Performing network-based security assessments · Performing security assessments on Internet-facing applications · Performing security assessments on software applications · Performing penetration tests across public networks · Performing penetration tests across internal networks · Performing assessments of physical security using social engineering · Developing testing scripts and procedures · Other security-related projects that may be assigned according to skills .

Skills Required    Must have a familiarity with vulnerability management tools such as but not limited to Qualys, McAfee Vulnerability Manager, WebInspect and Nessus. And more importantly have the ability to understand and articulate scan results. Required Skills and Education · Able to obtain a Secret clearance · OSCP or GPEN · Strong ethics and understanding of ethics in business and information security · English language written communication skills

Skills Preferred  

· Ability to read source code (java, php and javascript primarily)

· Web application penetration testing (should be very familiar with the owasp top 10)

· Experience with HP Fortify, Nmap, Nessus, WebInspect, w3af, AppDetective, Burp Suite and similar tools

· Able to assist in determining short term mitigation (Waf rules, signatures, etc ) and long term remediation based on the issue and tools available

· Able to clearly communicate findings from automated tools and manual testing

· Understanding the basic principles of agile development would be helpful. Mainly managing expectations.

Experience Required    

Bachelor's Degree
 
Education Required    8 + years of experience

    this is a 6 mo temp to hire.
 

Talent Orchard LLC is an SBA (8A), Economically Disadvantaged Woman-Owned Small Business, and Woman Business Enterprise Certified firm that provides the following services to clients in the commercial and public service sectors:

• Human Capital
• Professional Services
• Accounting/Audit Readiness
• Network/Cyber Security & IT Infrastructure
• Software Development/Engineering

Established in 2010, Talent Orchard has an exceptional reputation, providing staffing solutions to time-sensitive, talent scarcity issues to deliver better talent management ROI.  Our specialty lies in the critical area of program talent acquisition and resource management, not in one narrow skillset, but across many areas of technical and functional delivery.

@talentorchard