Note: US citizens and those authorized to work in the US are encouraged to apply; we are unable to sponsor at this time.
Job Description: Application Security Tester Level IV (candidates in the VA/MD/DC area only; full-time remote support will be considered for local candidates)
This resource will be working with the RISK: (VMA) Team to provide technical security assessments of applications and infrastructure, security design reviews, and risk assessments. This is a hands-on role, requiring technical penetration testing skills from the hardware to the application layer.
• Highly skilled in web application testing, API testing, and network testing
• Prior experience with Burp Suite Professional, or other similar DAST tools
• Experience with Kali Linux and most of the tools available in the distro for penetration testing
• Experience with tools such as Metasploit Pro and Cobalt Strike for red team operations
• Experience with Red Team engagements from planning to execution
• Experience with phishing network users to gain access for lateral movement on the network
• Experience with Purple Team engagements to test monitoring controls in coordination with engineering teams and CSOC teams.
• Proficiency in scripting, such as Python and/or PowerShell
• Experience with penetration testing supporting PCI-DSS
• Technical writing skills, along with ease in communicating concepts related to security vulnerabilities and attack path scenarios.
• Familiar with OWASP Application Security Verification Standard (ASVS) and MITRE ATT&CK framework
Penetration testing certification recommended:
• Offensive Security Certified Professional (OSCP)
• Global Information Assurance Certification (GIAC) Certified Penetration Tester (GPEN)
• GIAC Web Application Penetration Tester (GWAPT), or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• Develops general test and evaluation plans to compare current and proposed technologies; assesses test results to determine whether they match requirements specifications
• Prepares documents by tailoring technical information and creates benchmark or security authorization reports; outlines key findings related to speed, risks, results and reliability, and recommends acceptance or rejection of technology for applied use
• Selects the appropriate technical tests, network or vulnerability scan tools, and/or pen testing tools based on review of requirements and purpose; lists all steps involved for executing selected test(s) and coaches others in the use of advanced research, development, or scan tools and the analysis of comparative findings between proposed and current technologies
• Prepares various types of security-related documents, conducts vulnerability scans, and recognizes vulnerabilities in security systems
• Must pass a client-mandated clearance process that includes drug screening, a criminal history check and a credit check.
• Once the candidate’s resume is approved and the interview is passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
• If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
• All candidates must be US citizens or have permanent residence status (Green Card).