Apply on Employer Site

Belay Technologies · 2 months ago

Senior Penetration Tester

Annapolis Junction, MD

Full-time

Onsite

Senior Level, Lead/Staff

$150K/yr - $220K/yr

12+ years exp

Belay Technologies is a certified Service-Disabled Veteran-Owned Small Business located in Columbia, Maryland, specializing in systems automation and full stack development. They are seeking a Lead Penetration Tester to join their intel team, responsible for ensuring the security of Enterprise-wide information systems and performing penetration testing to identify vulnerabilities and develop mitigation strategies.

Information TechnologyProfessional NetworkingSoftwareVirtualization

No H1B

U.S. Citizen Only

Responsibilities

Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies

Perform web app pentests

Perform vulnerability risk assessment

Perform physical pentests and social engineering analysis

Perform cyber incident response as needed for programs

Evaluate the impact of new development on the operational security posture of IT systems

Evaluate, review, and test critical software

Formulate security compliance requirements for new system features

Identify and remediate security issues throughout the system

Audit and assess system security configuration settings using common methodologies and tools

Work with development teams to enrich team-wide understanding of different types of vulnerabilities, attack vectors, and remediation approaches

Work closely with System Engineering, Test Engineering, and Integration teams to ensure hardware and software architecture and implementations meet strict security requirements

Propose, assess, coordinate, implement, and enforce information systems security policies, standards, and methodologies

Serve as a Subject Matter Expert in security architecture, to include providing advice to Program Managers, Customer technical experts, and internal program teams

Qualification

Penetration testing toolsWeb developmentPythonCyber Kill ChainRisk Management FrameworkBurp SuiteKaliIPS/IDS solutionsSecurity risk assessmentsIncident responseCollaborationProject managementSoft skills

Required

Must have a FS poly from the MD customer, last poly must be within the past six (6) yrs., NO CCAs

Must have experience with penetration testing tools

Must have experience in web development and programming languages such as Java, XML, Perl and HTML

Must have experience with programming/scripting in Python, Powershell, C, JavaScript, etc

Must have extensive experience performing IT security risk assessments

Must have experience performing web app and physical pentests

Must have experience with or strong familiarity of the following Web Application tools; Burp Suite, Web Inspect, Appdetective

Must have experience with or strong familiarity of Kali

Must have experience with or strong familiarity of IPS/IDS solutions

Must have a strong understanding of the Cyber Kill Chain methodology

Must have experience applying Risk Management Framework

Must have experience with secure configurations of commonly used desktop and server operating systems

Must have the ability to effectively collaborate with technical staff and customers to form mitigation strategies and plan for continuous modernization and legacy integration

Must have experience managing multiple projects simultaneously and quickly and effectively adjusting to shifting priorities in resolving issues

Preferred

Bachelor's degree in a technical/information assurance field and at least 12 years of relevant experience

Certifications in one or more of the following areas strongly preferred: GIAC Web Applications Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Certified Web Application Defender (GWEB), Certified Information System Security Professional (CISSP)

Extensive experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response

Extensive experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass development, design, and implementation

Benefits

8 weeks paid leave - 4 weeks of personal leave, 3 Yay! days, take off on your birthday, 11 paid holidays and optional leave up to 6 days through Belay's volunteer program

10% matching in 401(k) contributions vested on day one

$5,000 annual training/tuition

Student Loan Repayment Program

100% company funded HSA

Rich medical coverage (100% coinsurance)

Dental coverage including orthodontia

Up to $420,000 in life insurance, premiums 100% company funded

Amazon Prime, gym reimbursement, monthly lunches, games and prizes

Pet adoption program, generous referral bonus program, fun events, and more!