Penetration Tester Mid

Job Description

ECS is seeking a Penetration Tester Mid to work in our Windsor Mill office.

Position Responsibilities:

Conduct network and web-based application penetration tests

Provide advisement on countermeasures to mitigate threats

Identify security deficiencies and determine the efficacy of security controls design and implementation

Provide vulnerability to exploit mapping

Probe for vulnerabilities in web applications

Conduct physical security assessments and wireless security assessments as required

Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets

Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities

Research, document and discuss security findings with team members

Pinpoint methods that attackers could use to exploit weaknesses and logic flaws

Provide feedback and verification as an organization fixes security issues

Simulate internal lateral movement activities

Provide mentorship and guidance to Junior Penetration Testers.

Salary Range: $105,323.00 - $128,728.00
General Description of Benefits: Benefits Link

Required Skills

Job Requirements:

5+ years of IT experience to include 3+ years of experience in either information security, development, or system/network administration.

Bachelor's degree in an IT related field or equivalent education or work experience.

Programming experience with focus on development, security, or process automation

Working knowledge of TCP/IP ports and protocols

Working proficiency with Windows and UNIX operating systems

Working knowledge of firewalls, routing, switching, and other network security products

Familiarity with web proxy tools such as Burp, ZAP, and Fiddler

Knowledge of security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.

Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, Nmap, Metasploit, Nessus, tcpdump, Wireshark, Nikto, etc.

Excellent written and oral communication skills. Must be able to document security deficiencies write Security Assessment reports, Standard Operating Procedure documents, etc.

Self-motivated and able to work in an independent manner

(SF-85 and SF-86 submission required)

Desired Skills

Additional Experience Preferred:

Experienced in at least one related functional area (network security, reverse engineering, programming, databases, mainframes, web applications, etc.)

Application/Systems development experience preferred

An In-Depth familiarity with Linux, MS Windows, or both

Familiarity with Database administration, device configuration hardening and compliance verification

Familiarity with programming/scripting in multiple languages (Python and PowerShell a plus)

Knowledge of applied cryptography

Familiarity with XML, SOAP, and Ajax

Ability to conduct source code reviews

Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and Open-Source Security Testing Methodology Manual (OSSTMM)

Certifications/Licenses:

GIAC certifications (GPEN, GWAPT, GSEC), or technology specific certifications (MCSE, LPIC, CCNA, etc.) a plus

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.