Intermediate Penetration Tester
Chenega Corporation - Washington, DC
Apply NowJob Description
Intermediate Penetration TesterDo not pass up this chance, apply quickly if your experience and skills match what is in the following description.Hybrid Schedule: In person, in the Washington, DC office twice per weekAre you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer's core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting-edge technology and take your career to the next level!Chenega Systems (CS) provides federal agencies empowered solutions in Cybersecurity and Data Visualization. Our Subject Matter Experts offer decades of experience working in the federal marketplace and the data visualization environment.The SBA Office of the Chief Information Officer (CIO) Information Security Division (ISD) supports the mission of delivering cybersecurity, privacy, controlled unclassified information programs, and records management services throughout the U.S. Small Business Administration. At a high level, the SBA Information Technology (IT) ecosystem consists of one preponderant 20,000 node Multi-Protocol Label Switched (MPLS) infrastructure, two on-premises data centers, and approximately seventy smaller field offices; and additionally utilizes resources from numerous cloud providers.The Intermediate Penetration Tester provides services related to penetration, offensive, and similar types of testing, including but not limited to, penetration testing (gray and black box), red team testing, static code analysis, dynamic code analysis, and Application Programming Interface (API) testing.ResponsibilitiesWork you'll doIdentify vulnerabilities and weaknesses within the systems, determine exposure and complexity of exploitConduct continuous penetration testing of the enterprise IT environmentAssess the effectiveness of security controls implemented to protect systems in support of the Authorization Process, Security Impact Analysis through Change Management and as requiredMimic attacks of threat actors defined by the Cyber Threat Intelligence (CTI) Team to assess and improve IT system resilience, SOC monitoring effectiveness, and tuning of security toolsPerform ad hoc, focused pen tests to validate the effectiveness of corrective actions taken to address identified weaknessesPerform Penetration Testing Services for any internal or public websites and associated systemsDevelop and execute plans that include penetration testing of all IT systemsValidate remediations by re-testing all Critical and High findings identified through penetration testingDevelop or adapt queries and/or scripts that test all APIs provided by the customer against the Open Web Application Security Project (OWASP) API Top Ten (or alternate criteria as specified)Perform network mapping, vulnerability scanning, and support phishing simulations as well as report findings and make remediation recommendationsDevelop Quarterly Penetration Testing Schedule and Annual Internal Penetration Testing Standard Operating Procedures (SOP)Other duties as assigned.QualificationsBS degree in Cybersecurity or a related discipline5+ years of experience in penetration testing and/or offensive securityCompTIA PenTest+, CompTIA CySA+, EC-Council CEH or equivalent certificationBackground checkKnowledge, Skills, and Abilities:Experience assessing mobile devices (IOS, Android, Windows) such as iPhone, iPad, and other mobile devices, including mobile applications built to function on a mobile device.Experience assessing web applications and websites Application Programming Interfaces (APIs) during the API lifecycle.Experience assessing database applications or stored functions, database systems, database servers, and associated network links that validate the database security and verify the adversaries are not able to exploit vulnerabilities in the database to access or modify the data.Experience with source code analysis, identifying any vulnerabilities or weaknesses within the software.How you'll growAt Chenega MIOS, our professional development plan focuses on helping our team members at every level of their careers to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn.We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their careers.BenefitsAt Chenega MIOS, we know that great people make a great organization. We value our team members and offer them a broad range of benefits.Learn more about what working at Chenega MIOS can mean for you.Chenega MIOS's cultureOur positive and supportive culture encourages our team members to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them be healthy, centered, confident, and aware. We offer well-being programs and continuously look for new ways to maintain a culture where we excel and lead healthy, happy lives.Corporate citizenshipChenega MIOS is led by a purpose to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our team members, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.#J-18808-Ljbffr
Created: 2024-11-05