Apply on Employer Site

ASRC Federal · 2 days ago

Senior Cybersecurity Penetration Tester

Quantico, VA

Full-time

Hybrid

Senior Level

5+ years exp

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. They are actively hiring a Senior Cybersecurity Penetration Tester responsible for conducting simulated attacks on systems and networks, identifying vulnerabilities, and providing recommendations for remediation to enhance the organization's security posture.

ConsultingGovernmentInformation TechnologyLogisticsProfessional ServicesSpace TravelStaffing Agency

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Conduct penetration tests of web applications, mobile applications, networks, cloud environments, and other systems

Utilize a variety of tools and techniques to identify vulnerabilities, including SQL injection, cross-site scripting (XSS), buffer overflows, and other common attack vectors

Perform reconnaissance to gather information about target systems and networks

Develop and execute exploit code to demonstrate the impact of identified vulnerabilities

Bypass security controls and evade detection

Perform vulnerability assessments using automated scanning tools and manual techniques

Analyze scan results to identify false positives and prioritize vulnerabilities

Develop custom scripts and tools to automate vulnerability assessment tasks

Document all findings in detailed and comprehensive reports, including descriptions of vulnerabilities, methods used to exploit them, and recommendations for remediation

Present findings to stakeholders, including technical teams and management

Create and maintain documentation on penetration testing methodologies, tools, and techniques

Provide guidance and technical assistance to system owners and developers on vulnerability remediation

Validate remediation efforts to ensure that vulnerabilities have been properly addressed

Conduct retests to verify the effectiveness of implemented security controls

Stay up-to-date on the latest security threats, vulnerabilities, and attack techniques

Research and evaluate new penetration testing tools and methodologies

Develop custom tools and scripts to enhance penetration testing capabilities

Contribute to the development of security policies and procedures

Collaborate with other cybersecurity professionals, including security architects, incident responders, and security engineers

Share knowledge and expertise with team members

Participate in security training and awareness programs

Conduct all penetration testing activities in a legal and ethical manner, adhering to established rules of engagement

Protect the confidentiality and integrity of sensitive data

Respect the privacy of users and systems

Qualification

Penetration TestingSecurity PrinciplesPenetration Testing Tools8570 CertificationEthical HackingCollaborationCommunication Skills

Required

Minimum of 5 – 7 years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures

Proven experience conducting penetration tests of web applications, networks, and other systems

Experience with a variety of penetration testing tools and techniques (e.g., Rapid7 Nexpose, Appspider Pro, Metasploit, Cobalt Strike and/or Burp Suite)

Active Top-Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI

Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related field

Must meet 8570 certification requirements at the time of hire. IAT II Information Assurance Baseline (e.g., CASP+ CE, CCMP Security, CISA, CISSP, GCED, GCIH, Security+ CE or CCSP)