NikSoft is currently conducting a search for a Penetration Tester to join our federal client's cyber security team. The successful candidate will experience an unparalleled large-scale enterprise environment with over 800 Information Technology systems, supporting billions of dollars in annual revenue and a diverse user base spread across the entire US. Join the NikSoft team to scale up your career to the next level.
Responsibilities
The successful candidate will use both automated tools and manual techniques to test the security controls deployed at various points within Agency's information systems and networks.
The Penetration tester will be required to perform testing, document results, engage with stakeholders, conduct meetings, discuss findings, provide recommendations, explain testing techniques, and stay current on weaknesses and vulnerabilities that are announced both publicly and privately.
The Penetration tester will perform in-depth testing, which may include exploitation of Agency's assets in order to determine the resiliency and permeability of Agency's networks and IT systems.
Perform security testing of web applications, client/server applications, web services, APIs, operating systems, databases, and network fabric devices (e.g. switches, routers, firewalls, load balancers, WAPs, etc.).
Ensure current penetration testing tools are sufficient to the task of conducting penetration testing for Agency and regularly look for and recommend additional software that may fill gaps in Agency's current security testing toolset.
Qualifications:
- Bachelor's degree in Computer Science or a related IT field.
- 5+ years of relevant experience in software development, cyber security, and testing.
- 2+ years of hands-on penetration testing experience in a large-scale enterprise environment.
- Must have a strong understanding of the OWASP Top Ten weaknesses, and the OWASP (or similar) web application testing frameworks.
- Must be proficient in web programming languages, in addition to mobile and remote access capabilities.
- Solid understanding of information security engineering, architecture, and application security principles.
- Proficient in at least two of the following scripting languages: PowerShell, Bash, Python, Ruby
- Proficient in multiple offensive tools/technologies to include: Metasploit, Cobalt Strike, Core Impact, Burp Suite, SDR, Wireless, Intercepting Proxies, etc.
- Solid foundation in formal penetration testing, ethical hacking of embedded systems, web applications and complex networked systems
****Candidates must be able to obtain a Postal Sensitive Clearance (ship or required). Additionally, candidates must not have traveled outside of the USA for a combined period exceeding 6 months within the last 5 years.***
- Experience working in an Agile and DevOps environment.
- CISSP, Certified Ethical Hacker (CEH), CISA or a similar certification