Join SAIC's cyber security team and work on this effort that encompasses technical, engineering, management, operation, logistical and administrative support for cyber security operations. The ideal candidate will have broad and deep experience in cyber security with demonstrated successes in supporting a large scale IT infrastructure encompassing overseas and domestic facilities.
The Penetration Testing program conducts independent testing to ensure appropriate controls and safeguards are in place and function as intended for the Department's critical IT assets. The Penetration Testing program involves independent testing to ensure appropriate controls and safeguards are in place and function as intended for the Department's critical IT assets, including systems, networks, and applications. The scope of the testing is limited to "perimeter" controls and safeguards. The penetration test is conducted in accordance with NSA IAM and IEM, and includes discovery activities, attack planning, test execution, and detailed reporting on test scenarios, findings, and recommendations.
Lead a team that establishes, maintains and coordinates testing schedules. Performs discovery activities, attack planning, test execution, and detailed reporting on test scenarios, findings, and recommendations. Leads and supervises lower-level analysts.
Perform and support perimeter security penetration testing of Department IT assets. Specific activities include but are not limited to the following:
- Develop and maintain a multi-year schedule for penetration testing activities
- Interface and coordinate with third party organizations performing penetration testing
- Interface and coordinate with system owners to establish targets for testing, test schedule, test goals, and rules of engagement
- Plan and coordinate White Cell participation in support of each specific penetration test
- Work with Legal for clearance on attack plans and rules of engagement
- Perform penetration testing, complying with current best practices and federal regulations; produce reports and conduct management briefings on test activities, scenarios, results and recommendations
- Stay abreast of current attack vectors and unique methods for exploitation of computer networks.
- Develop unique exploit code and attack vectors to conduct penetration tests. Render expertise and guidance to other cyber security programs regarding intrusion methods
- Provide monthly project status report Report on quality performance measures quarterly as part of the overall Program performance measures review
Education: A Bachelor's Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline. Four (4) additional years of general experience (as defined below) may be substituted for the degree.
General Experience: 10 years of experience in advanced network operations with increasing responsibilities.
Specialized Experience: Five (5) years of current experience in independent penetration testing of perimeter controls for large, geographically dispersed networks.
Five (5) years in penetration testing per Federal Regulations. Three (3) years of technical task management and supervisory experience.
Must be a Those authorized to work in the United States without sponsorship are encouraged to apply. with active Secret clearance Desired Qualifications
Certification Desired: Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), EC-Council Licensed Penetration Tester (LPT);
Certification Desired: CISSP, Certified Ethical Hacker (CEH), and/or IAM/IEM Certification
My SAIC Benefits.