Penetration Tester

About Peraton Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit peraton.com to learn how we're keeping people around the world safe and secure. Program Overview About The Role Peraton is looking for a TS/SCI cleared Lead Penetration Tester to support foundational services focused on improvement of capabilities, services, support functions and skillset across the GCC The DCA Branch within the CSSP-D is responsible for conducting both local and remote penetration testing designed to emulate current threat models to the Army network to execute an assessment of the defensive security posture. As the Penetration Testing Lead you shall evaluate for acceptance new penetration testing TTPs (new tool usage or adversary TTP) as required for inclusion on approved penetration tools list. The Contractor shall maintain documentation and how-to-use guides, for all vetted penetration testing (PT) tools. Responsibilities include, but are not limited to: * Utilize offensive toolsets such as Metaspolit and Kali Linux to safely analyze and penetration test production networks and systems, documenting steps and procedures to produce usable vulnerability assessments for the customer* Identify and investigate vulnerabilities, asses exploit potential, and document findings and remedies for presentation to facilitate mitigations on customer systems* Perform planning, execution, and documentation of penetration testing missions in accordance with Red Team methodologies* Perform web application testing using tools such as Burp Suite, Zap Proxy, Skipfish and Nikto, and open-source toolsets* Travel to customer sites to perform network security evaluations, penetration tests, and brief customers on findings* Perform daily cyber threat research and present findings to the organization to maintain knowledge of current adversary tactics, techniques and procedures and how to apply them. Brief staff and leadership on these findings* Perform open-source intelligence gathering to prepare for missions* Write reports of vulnerabilities to increase customer situational awareness and improve the customer's cyber security posture* Assist all sections of the Defensive Cyber Operations team as required in performing Analysis, System Administration, and other duties as assigned* Contribute to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations* Write reports of remotely exploitable vulnerabilities to increase customer situational awareness and improve the customer's cyber security posture* Prepare and present technical reports and briefingsQualifications Basic Qualifications: * Active Top-Secret/SCI * Minimum of 6 years technical experience * Certification requirement: Certified Penetration Tester (GPEN) OR Certified Ethical Hacker (CEH) OR meets current DCWF qualification requirements DCWF Code: 541 - Advanced (Masters an IT field OR Applicable Military Training OR one of the following: CFR, CISA, CISM, CySA+, GPEN, GSNA* Must posses an active, OR have the ability to obtain within 90 days of hire date, an ITIL Foundations Certification* Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations* Must possess an in-depth understanding of penetration testing methodology, including recon, exploit, persistence, etc.* Must have a solid understanding of networking protocols, their uses, and their potential misuses* Programming experience in one or more languages, experience in HTLM/CSS or SQL* Experience with one or more scripting languages such as PowerShell, Bash, Python or PerlDesired Qualifications: * Offensive Security OSCP* Army Certified Penetration Tester (or Instructor)* Fluency in one or more programming language (e.g.,Python, C#, Golang)* In-depth understanding of physical penetration test ng or PACS* Demonstrated ability to produce written deliverables and brief senior leadership* Self-starter with excellent judgment, capable of independent decision making #FortHuachuca SCA / Union / Intern Rate or Range Details Target Salary Range: $80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at https://www.careers.peraton.com/benefits. Application Duration Statement: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. EEO:Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.