General Dynamics Information Technology · 5 hours ago
Penetration Tester
Information Technology
No H1B
U.S. Citizen Only
Security Clearance Required
Responsibilities
Scope, develop, and execute vulnerability assessments and secure configuration assessments using tools such as Burp Suite, Nmap, Metasploit and Kali Linux to perform the following types of testing (not all-inclusive):
Network Penetration Testing
Web Application Penetration Testing
Mobile Application Penetration Testing
Red Team Simulation
Cloud Based Target Penetration Testing
Assess NIST 800-53 Rev 4 (and later versions) controls to ensure they are implemented correctly and operating as intended.
Coordinate with the pen testing vendor(s) for system assessments in order to scope the testing.
Perform ST&Es.
Work with other branches within CSPO for internal 'Red Team' tests on systems and system controls
Document identified vulnerabilities, how they were discovered and how they can be reproduced.
Analyze findings from vulnerability assessment output to determine if false positives exist and document/justify why the finding is a false positive
Submit, review, process, analyze, follow up on and make recommendations regarding data related to the status of Plan of Action and Milestones (POA&M) item mitigation. A POA&M is the documented plan to mitigate a weakness.
Draft reports and other correspondence related to security reviews, audits, Plan of Action and Milestones (POA&M) tracking and related compliance issues.
Review vulnerabilities and analyze if any false positives exist and document any false positives with justification as to why they are not legitimate and provide validation artifacts.
Shall conduct Risk and Vulnerability Assessments (RVA) within the 'Operator Role' in support of the CDC mission which includes the following:
Vulnerability Scanning and Testing to conduct vulnerability assessments.
Penetration Testing, which exploits weaknesses or tests responses from systems, applications, networks, and security controls.
Social Engineering (Phishing), which uses e-mails: (a) as attack vectors or (b) as a means to test security awareness.
Wireless Discovery and Identification, which identifies wireless signals, rogue wireless devices, and exploits access points.
Web Application Scanning and Testing, which identifies web application vulnerabilities.
Database Scanning, which performs a security scan of database settings and controls.
Operating System Scanning, which scans operating systems to do compliance checks.
Conduct tasks within the following methodologies:
Pre-Rules of Engagement (ROE): Agency contacted, briefed on CISA Assessment Team services, requested, confirmed, and ROE signed.
Pre-Assessment: Package distributed/received, teleconference, receive artifacts.
Assessment: On- and off-site assessment activities.
Reporting: Draft report submitted, receive comments.
Post Assessment: Final report delivered and out brief.
Qualification
Required
5+ years of related experience
Bachelor's and 5+ years of relevant experience (or equivalent education/experience)
5+ years of Penetration Testing
Key industry certifications such as CompTIA PenTest+, C|PENT, C|EH Master, GIAC
An active Public Trust is required
Cybersecurity
Information Security
Penetration Testing
Penetration Testing Software
Physical Penetration Testing
US Citizenship Required
Preferred
Previous CDC experience preferred
Ability to work well with a remote team
Benefits
Variety of medical plan options, some with Health Savings Accounts
Dental plan options
Vision plan
401(k) plan offering the ability to contribute both pre- and post-tax dollars up to the IRS annual limits and receive a company match
Full flex work weeks
Paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
15 days of paid leave per calendar year
10 paid holidays per year
GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12-month period for eligible employees
Short and long-term disability benefits
Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance
Company
General Dynamics Information Technology
General Dynamics Information Technology has worked across the full spectrum of government and business for decades. It is a sub-organization of General Dynamics.
Funding
Current Stage
Late Stage