Senior Penetration Tester

Tyto Athene is searching for a Senior Penetration Tester to support our customer in Arlington, Virginia.Responsibilities:Conduct vulnerability assessmentsCarry out penetration tests, perform social engineering testsAnalyze technical security weaknessesPerform risk analyses and develop exploitsResearch and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and encryptionDevelop tools, techniques, training, and countermeasures for computer and network vulnerabilities, data hiding, and encryption.Required:Bachelor's degree in Computer Science, Information Technology, or related field and 10 years of relevant experience or a Masters degree and 6 years.Must have a strong technical background and understand system architecture and design, operating systems, network infrastructure, software installation on test platforms, software development, database, and operating systems.Security, Software Development, Networking, and/or Systems Administrator ExperienceUnderstanding of 3-tiered Web Applications and Mobile Application ArchitecturesManual Penetration Testing Experience (i.e. mapping applications, injecting SQLi, XSS, XXE, exploit creation)Must have Commercial Web Application Tool Experience (i.e. BurpSuite, AppScan, WebInspect)Network Penetration Testing Tool Experience (i.e. Nmap, Nessus, Wireshark, Metasploit, Hydra, John)Exceptional communication skills, with the ability to explain the technical details of OWASP Top 10 and other vulnerabilities from C-levels to developers in a large professional environmentDesired:Certifications Preferred (Not Required):PNPT - Practical Network Penetration TesterOSCP - Offensive Security Certified ProfessionalCRTO - Certified Red Team OperatorCRTP - Certified Red Team ProfessionalWeb Services Security Penetration Testing ExperienceCommercial Network Penetration Testing Tool Experience (i.e. Metasploit and Cobaltstrike)Experience with Open Source Tools (i.e. Powershell Empire, PowerSploit, Impacket, Rubeus and Mimikatz)Software Development and/or Scripting Experience in PowerShell, .NET, C++, Java, C#, perl, python or bashExperience with Virtual Machine technologiesDatabase Experience (DBA or security penetration testing)Source Code Review (aka Static Code Analysis) experienceGood technical writing skills and attention to detailClearance: Active Secret clearance requiredCertification: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.

Created: 2025-01-23