Cyber Penetration Tester

Overview

On Site
Full Time

Skills

Reporting
NIST 800-53
Security Controls
Cyber Security
Certified Ethical Hacker
GCIA
GCIH
Security+
Customer Engagement
SSCP
Linux
Nmap
Burp Suite
Metasploit
Root Cause Analysis
NIST SP 800 Series
OWASP
Web Security
Testing
Mentorship
Security Clearance
IT Security
CompTIA
CISSP
Cisco Certifications
OSCP
Penetration Testing
TCM
Network
Risk Management Framework
RMF
Authorization
Access Control
Risk Management
Computer Networking
Routing
TCP
UDP
Virtual Private Network
NAT
Firewall
Network Protocols
Secure Shell
FTP
SMTP
SMB
Server Message Block
HTTP
Operating Systems
File Systems
Management
Data Security
Encryption
Scripting
Bash
Python
Windows PowerShell
JavaScript
Web Applications
SQL
Uploading
Authentication
Active Directory
PKI
Multi-factor Authentication
Cloud Computing
Amazon Web Services
Microsoft Azure
Google Cloud
Google Cloud Platform

Job Details

Overview

The Squires Group is seeking an experienced Cyber Penetration Tester to support a critical federal program focused on advancing cybersecurity and technology security initiatives. In this role you will support the team by leading penetration tests, identifying vulnerabilities and recommending NIST 800-53-compliant remediations, reporting findings to system owners and engineers, maintaining infrastructure, and developing or modifying tools to automate discovery and exploitation.

Work will be performed ONSITE in Arlington, VA. Per our client contract, candidates must be U.S. Citizens, possessing a Secret clearance with eligibility to obtain a final Top Secret security clearance.

Responsibilities

  • Perform and lead penetration testing efforts in support of the Team to evaluate the security posture of client systems.
  • Identify system vulnerabilities and develop remediation strategies in alignment with NIST 800-53 security control requirements.
  • Communicate and present security findings to system owners and engineering teams.
  • Manage and maintain the operational infrastructure of the Team environment.
  • Create or enhance tools to automate vulnerability discovery and exploitation processes.


Qualifications

Required Qualifications:

  • Bachelor's degree in a related Cybersecurity or IT field with at least 5 years of relevant experience, or a Master's degree with a minimum of 3 years of relevant experience. In lieu of a degree, 4 additional years of IT security or penetration testing experience may be substituted.
  • At least 2 years of hands-on penetration testing experience.
  • Hold at least one of the following certifications:
    • CCNA Cyber Ops, CCNA-Security, CEH, CFR, Cloud+, CySA+, GCIA, GCIH, GICSP, SCYBER, Security+ CE, or SSCP.
  • Proven experience using Kali Linux in testing environments.
  • Practical experience with penetration testing tools such as Nmap, Burp Suite, Metasploit, and similar utilities.
  • Demonstrated ability to assess vulnerabilities, conduct root cause analysis, and communicate findings using recognized assessment frameworks such as NIST SP 800-115, PTES, ISSAF, and the OWASP Web Security Testing Guide.
  • Capable of leading penetration tests and mentoring both senior and junior penetration testers.
  • U.S. citizenship is required.
  • Must possess an active Secret security clearance, with the ability to obtain a Top Secret clearance.

Preferred Qualifications:

  • Active Top Secret or TS/SCI security clearance.
  • Possession of one of the following certifications, or another verifiable credential demonstrating IT security proficiency:
    • CompTIA CASP+
    • ISC2 CISSP, CCSP, or ISSEP
  • Possession of one of the following certifications, or another verifiable credential reflecting practical penetration testing skills:
    • Offensive Security Certified Professional (OSCP)
    • Hack The Box Certified Penetration Testing Specialist (CPTS)
    • TCM Security Practical Network Penetration Tester (PNPT)
    • GIAC GXPN
    • Zero Point Security Red Team Ops II
  • Advanced understanding of the following areas:
    • NIST Risk Management Framework (RMF) and the Assessment & Authorization (A&A) lifecycle
    • Core security principles including CIA triad, IAAAA, access control models, and risk management concepts
    • Networking fundamentals such as IP routing, TCP/UDP, VPNs, NAT, and firewall configurations
    • Common network protocols (SSH, FTP, SMTP, SMB, HTTP, etc.)
    • Operating system architecture including process, device, and file system management
    • Data security techniques such as encoding, hashing, and encryption
    • Scripting and programming in languages like Bash, Python, PowerShell, and JavaScript
    • Common application vulnerabilities including outdated software, misconfigured permissions, insufficient input validation, and monitoring deficiencies
    • Web application vulnerabilities such as XSS, SQL injection, local file inclusion, insecure file upload, and broken authentication
    • Active Directory (AD) enumeration and exploitation techniques including Kerberoasting, AS-REP roasting, privilege abuse, and golden ticket attacks
    • Understanding of PKI and secure environments implementing multifactor authentication
    • Cloud computing platforms including AWS, Microsoft Azure, and Google Cloud Platform (Google Cloud Platform)




Check out our Referral Program!
The Squires Group will pay you for every qualified professional that you refer and we place. If you see a position posted by The Squires Group and know the perfect person for the job, please send us your referral. For more information, go to .

#LI-JT1

#LI-Onsite
#DI
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.