Penetration Tester
1 week ago
Own your opportunity to work with a client-focused agile small business. Make an impact by advancing our government organizations charged with keeping our country safe, prosperous, and secure. Zen Strategics, LLC is a cleared, minority-owned SBA 8(a) specialized consulting firm, offering innovative Cybersecurity, Cloud Migration, and Information Technology Modernization. We are a leading organization committed to delivering innovative solutions and ensuring the highest standards of security for our customers' digital assets. We are dedicated to staying ahead of evolving cyber threats and protecting our clients' data with cutting-edge technologies and proactive security measures.
Position Description:
Seize your opportunity to make a personal impact as a Penetration Tester. Zen is your place to make meaningful contributions to challenging projects and grow a rewarding career. As a Penetration Tester, you will be responsible for ensuring the accurate and timely accomplishment of our client's security controls assessments in accordance with DOC, NOAA, and NWS policies and procedures for implementation of the Risk Management Framework. This position is a key member of our client delivery Assessment and Authorization (A&A). We are actively seeking a highly proficient Security Assessment Specialist able, with general guidance, to conduct assessments on cloud systems and blended on-prem systems with cloud components, including combinations of Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) topologies, along with scheduling penetration tests. Cloud services are from various vendors (Microsoft (MS) Azure, Google Cloud, Amazon Web Services (AWS)). The position requires being present during core business hours of 9:00 AM to 3:00 PM, and work cannot begin any earlier than 7 AM. Work is authorized to be performed from a remote location 2-3 days a week; however, you must be able to be onsite with as little as 24 hours' notice.
Requirements
Responsibilities:
As a Security Assessment Specialist, you'll be Zen's expert, developing and implementing security standards and best practices for cloud infrastructure and solutions in AWS, Azure, OCI, and GCP cloud platforms hosted in FedRAMP and FedRAMP environments. You'll assist the ISSM in meeting their duties and responsibilities by scheduling, preparing, reviewing, and updating authorization packages. Support the OCIO's A&A Team by performing and leading penetration tests to assess the security of customer systems. Identify vulnerabilities and develop recommended remediations to satisfy mandated NIST 800-53 security controls. Report and demonstrate findings to system owners and engineers. Develop or modify tools to automate discovery or exploitation. Coordinate with Operations and Maintenance (O&M) teams to drive compliance with Security Controls and requirements.
Required Education/Qualifications:
- Education: BS in Information Technology, Project Management, or Cybersecurity preferred
- Experience:
  - Knowledge of DOC, NOAA, and NWS IT security policies and implementation standards or those of similar sized organizations AND comprehensive understanding of NIST guidance to include, but not limited to, NIST Special Publications and Federal Information Processing Standards.
  - Demonstrated experience with Kali Linux.
  - Demonstrated penetration testing tools experience with Nmap, Burp Suite, Metasploit, etc.
  - Demonstrated ability in evaluating vulnerabilities, performing root cause analysis, and reporting findings utilizing assessment methodologies such as NIST SP 800-115, Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), OWASP Web Security Testing Guide (WSTG), etc.
  - At least 5 years of recent experience (within the last 6 years) in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools.
  - At least 5 years of recent experience (within the last 6 years) with enterprise architecture methodologies, concepts, procedures, principles, and tools.
  - At least 5 years of recent experience (within the last 6 years) in contingency planning and backup and recovery best practices and application of NIST guidance in this area.
  - At least 5 years of recent experience (within the last 6 years) in using technical testing tools (Tenable Security Center, ArcSight, IBM Big Fix, etc.).
  - At least 5 years of recent experience (within the last 6 years) in conducting penetration testing or the ability to bring in a penetration tester when required.
  - At least 5 years of performing assessments of Federal Information Systems using the Risk Management Framework.
- US Citizenship Required.
- Certifications: Possess at least one of the following professional certifications required by DOC Enterprise Cybersecurity Policy (ECP) Annex C-1: Information System Security Training for Significant Roles for a Certification Agent/Security Controls Assessor:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Systems Auditor (CISA)
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Systems and Network Auditor (GSNA)
  - Electronic Commerce Council Certified Ethical Hacker (CEH)
  - ISC2 Certified in Governance, Risk and Compliance (CGRC)
  - Security Certified Network Professional (SCNP)
  - Security Certified Network Architect (SCNA)
- Strong written and verbal communication and collaborative team interpersonal skills.
- Ability to manage multiple projects simultaneously.
- Proficiency in interview skills.
- Proficiency in interpersonal skills.
- Proficiency in handling multiple tasks concurrently.
- Successful completion of background investigation without any adverse findings is required. Knowledge of and experience with the technical and administrative information system security requirements for high impact, high availability systems in government organizations is required.