Location work will be performed: MNO001 - Eagan – MN
Highly qualified remote candidates may be considered.
Job Description: Application Security Tester Level III the Cybersecurity Risk Management Portfollio is in need of 1 Application Security Tester supporting its Vulnerability Management & Assessments.
Selects the appropriate technical tests, network or vulnerability scan tools, and/or pen testing tools based on review of requirements and purpose; lists all steps involved for executing selected test(s) and coaches others in the use of advanced research, development, or scan tools and the analysis of comparative findings between proposed and current technologies
Performs joint interoperability testing on systems exchanging electronic information with systems of other services or nations, and determines whether the system is certified as interoperable based on analysis of results; provides recommendations on how to enable systems to operate effectively together.
Provide technical security assessments of applications and infrastructure, security design reviews as well as risk assessments. This is a hands-on role, requiring technical skills from the hardware to the application layer.
Highly skilled in web application testing, API testing, and network testing
Prior experience with Burp Suite Professional, or other similar DAST tools
Experience with Kali Linux and most of the tools available in the distro for penetration testing
Experience with tools such as Metasploit Pro and Cobalt Strike for red team operations
Experience with Red Team engagements from planning to execution
Experience with phishing network users to gain access for lateral movement on the network.
Experience with Purple Team engagements to test monitoring controls in coordination with engineering teams and CSOC teams.
Proficiency in scripting, such as Python and/orPowerShell.
Experience with penetration testing supporting PCI-DSS
Technical writing skills, along with ease in communicating concepts related to security vulnerabilities and attack path scenarios.
Familiar with OWASP Application Security Verification Standard (ASVS) and MITRE ATT&CK framework
Penetration testing certification recommended. Acceptable certifications: Offensive Security Certified Professional (OCSP), Global Information Assurance Certification (GIAC) Certifications (e.g., GIAC Certified Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN))
5+ years of software testing experience with a history performing hands on, web application penetration testing in a variety of diverse environments.
Preferred: Bachelor degree in an information technology discipline or equivalent IT experience.
CERTIFICATIONS: (One or more required)
CompTIA Security +
CPTE - Certified Penetration Testing Engineer
CEH - Certified Ethical Hacker GSEC
Must be able to obtain a Position of Public Trust Clearance
Pass both a client mandated clearance process to include drug screening, criminal history check and credit check.
Once candidate’s resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
All candidates must be a US Citizen, or have permanent residence status (Green Card).
Candidate must have lived in the United States for the past 5 years.
Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)
All overtime must be pre-approved in writing by the client manager or his/her designated representative.
Agency will not be reimbursed for overtime charges without previous written authorization. Authorized overtime will be reimbursed at straight time.