Vacancy expired!
- Develop rules of engagement, and configure, tune, and operate industry standard pen test assessment tools.
- Coordinate, schedule, and support pen test requests.
- Emulate adversary tactics, techniques, and procedures (TTPs) to validate security controls effectiveness; develop rules of engagement, brief partners on findings and mitigation techniques.
- Analyze pen test reports and produce summary guidance for System Owners and administrators.
- Develop, capture, and deliver summary metrics of pen test activities.
- Draft and deliver executive and technical briefings on pen testing related topics.
- Emulate adversary tactics, techniques, and procedures (TTPs) to validate security controls efficacy.
- Perform penetration test assessments of DOE assets and evaluate findings to determine applicability, saturation, and potential impact.
- Monitor remediation efforts for findings and communicate progress to stakeholders; advise System Owners and Administrators of findings and provide remediation guidance.
- Work with Information System Security Officers (ISSOs) and System Owners to develop Plan of Action & Milestones (POA&Ms) or formalized exceptions to document findings.
- Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master's Degree preferred.
- 5-10 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
- Washington, DC Work Location (potential for part-time remote / hybrid work schedule) and a minimum 25% Travel Requirement (CONUS).
- Candidate should have operational familiarity with current team tools: Nipper, Nessus, Netsparker, KnowBe4, Burp Suite Pro, Maltego, Canvas, Core Impact, Cobalt Strike.
- Must be a US Citizen possessing an active TS Security Clearance.