Pen Tester

2 months ago


Springfield, United States GuidePoint Security Full time

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation's top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

An active TS/SCI clearance is required for consideration for this opportunity.

Work will be performed 100% onsite.

GuidePoint is seeking highly qualified candidates for an upcoming Government contract award. Hiring for this position is contingent upon contract award.

The Pen Tester role will be responsible for performing comprehensive Risk and Vulnerability Analysis (RVA) assessments in a federal environment, functioning as penetration and purple team assessments. The role will be responsible for performing penetration testing engagements using major frameworks like OWASP and NIST, against a range of technologies such as web applications, servers, operating systems, cloud services, AI workflows, and network devices.

This position requires an active TS/SCI security clearance and is not remote. It will be performed on multiple customer sites in the DC Metro area in a classified setting.

What You'll Get To Do:

  • Provide comprehensive start-to-finish RVA assessments, encompassing initial customer outreach, meticulous planning, thorough execution, and detailed reporting.
  • Utilize expertise in assessing both current and emerging technology platforms and architectures, ensuring assessments are relevant and comprehensive.
  • Conduct expert-level assessments using major frameworks like OWASP and NIST, covering a range of technologies such as web applications, servers, operating systems, cloud services, AI workflows, and network devices.
  • Perform in-depth insider threat analysis, integrating it as a crucial part of the assessment process to identify potential internal security risks.
  • Research and simulate emerging zero-day threats, creating mock-up scenarios to demonstrate the feasibility of exploitation and assess system vulnerabilities.
  • Develop custom scripts for specialized exploitation scenarios, tailoring attack strategies to effectively test specific system vulnerabilities.
  • Demonstrate hands-on experience with popular penetration testing software such as Meterpreter Pro, Nessus, and Cobalt Strike, using these tools to conduct thorough assessments.
  • Analyze vulnerability scans and perform follow-on testing of systems to verify exploitability, ensuring comprehensive identification of security weaknesses.
  • Conduct trend analysis across assessments to identify common vulnerabilities among disparate systems, aiding in the development of targeted security strategies.
  • Develop SOPs and best practices for penetration testing and vulnerability assessment, documenting these in corporate knowledge repositories for enterprise-wide distribution.
  • Communicate technical issues effectively to non-technical management, translating complex cybersecurity concepts into understandable terms.
  • Work within corporate issue and knowledge tracking systems, providing continuous status updates on projects and ensuring seamless integration with existing workflows.
  • Test and document new tools, techniques, tactics, and scripts for usability security acceptance testing.

You'll Bring These Qualifications:

  • 10 years of experience leading penetration testing engagements in a federal environment.
  • Must possess an active TS/SCI Clearance
  • Hands-on experience with Meterpreter Pro, Nessus, and Cobalt Strike.
  • Experience developing custom scripts for certain exploit scenarios and tailoring attack scenarios to test specific system vulnerabilities.
  • Ability to perform routine travel to government facilities for the purpose of conducting assessments and/or tool and lab testing and/or setup

These Qualifications Would Be Nice To Have:

  • Experience performing red-team or penetration testing engagements in a federal environment.
  • Penetration testing on HVA assets in a federal environment.
We use Greenhouse Software as our applicant tracking system and Free Busy for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don't miss updates on your application.

Why GuidePoint?

GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 1000 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 4,200 customers.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company's success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks....
  • Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
  • 100% employer-paid medical premiums (employee only $0 deductible and HSA plans) along with 75% employer-paid family contributions
  • 100% employer-paid dental premiums (employee only) along with 75% employer-paid family contributions
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option