VariQ has an exciting opportunity for a highly qualified Mid-level Risk and Vulnerability Assessment (RVA) Tester to support the CMS project in Maryland.
* Location: Baltimore, MD with 35% travel component
* Salary: Dependent upon experience
* Security Clearance: Must be able to obtain "Public Trust" level 6 clearance. (SF-85 and SF-86 submission required)
* Available: ASAP
* Perform RVA penetration activities utilizing various automated tools
* Perform Network and Application penetration tests on a wide range of technologies using automated and manual testing techniques
* Exploit security flaws and vulnerabilities with regard to a predefined scope of work and ROE
* Interface with client(s) to plan and coordinate system assessments in a professional manner
* Prepare and Deliver well documented reports identifying weaknesses with mitigation strategies
* 5+ years of Security, Software Development or Networking Experience
* 2+ years of Manual Penetration Testing Experience exploiting various well known vulnerabilities (SQLi, XSS, CSRF, etc.)
* 1+ years working with automated vulnerability scanning tools (e.g., Nessus, Web Inspect, etc.)
* Demonstrated technical experience using Linux and Windows operating systems
* Demonstrated experience using the following security tools Burpsuite, Kali Linux, NMap
* Some network penetration testing experience (using the majority of the following: wireshark, metasploit, hydra, john, sqlmap
* Excellent technical writing skills and attention to detail
* Ability to work in a fast paced environment
* Exceptional customer facing communication skills
* This work will require up to 35% of travel in the US Continental.
* Ability to understand and demonstrate new concepts and technologies quickly
* Database Experience (Oracle, MSSQL, MySQL, MongoDB)
* Application Fuzzing and Web Services testing experience (WSFuzzer, SPIKE, Sulley, SoapUI, BurpSuite)
* Software Development and/or Scripting Experience in C++, Java, C#, perl, python or bash
* Source Code Review (aka Static Analysis) Experience
* Certifications (GPEN, GWAPT, OSCP, CEH, CISSP)
* Knowledge of NIST 800 series and/or FISMA
Clearance: US Citizen - Must be able to obtain "Public Trust" level 6 clearance. (SF-85 and SF-86 submission required).
VariQ is an equal opportunity employer.
Category: IT Security