Vulnerability Assessment Analyst and Penetration Tester

Our client, a growing federal contractor has multiple openings for Vulnerability Assessment Analyst and Penetration Testers with an active DoD Secret clearance for a newly awarded DoD program at Camp Pendleton, CA (San Diego area).

The Vulnerability Assessment Analyst and Penetration Tester is responsible for the delivery of continuous cyber assessments, solving complex technology problems, building tools, and identifying and influencing response to and mitigation of threats.

Responsibilities:

- Perform manual assessment of systems, services, and software; specializing in security issues beyond those identified by static analysis tools.
- Ensures services, applications, and websites are designed and implemented to the highest security standards.
- Responsible for application and hardware penetration testing, automating repetitive tasks using various scripting languages, mentoring, and leading other engineers to deliver complex penetration tests and vulnerability assessments.
- Drive automation, tooling, efficiency, and advance the teams penetration testing capabilities.
- Create threat mitigation plans.

Required Skills:

- Must have an active DoD Secret
- Five years of hands-on penetration testing experience with operating systems, web applications, and network infrastructure.
- Administrator-level knowledge of Windows and Linux Server operating systems.
- Experience with operating system security.
- Competent with testing frameworks and tools, such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire.
- Knowledge of the functionality and capabilities of computer network defense technologies, including router Access Control Lists (ACLs), firewalls, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), antivirEndpoint Detection and Response (EDR), and web content filtering.
- Strong written and verbal communication skills, including the ability to explain complex technical topics to non-technical audiences.

- Possess one of the following certifications upon onboarding:
o Offensive Security Certified Professional (OSCP)
o Offensive Security Web Assessor (OSWA)
o GIAC Web Application Penetration Tester (GWAPT)
o GIAC Penetration Tester (GPEN)

- Obtain one of the following certifications within 9 months of onboarding:
o GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
o Offsec Experienced Penetration Tester (OSEP)
o Offsec Web Expert (OSWE)