Security RMF Pen Tester
3 weeks ago
Seeking experienced Security Risk Management Framework (RMF) Technical Controls Assessor and pen tester to support a Federal government client. The responsibilities for the Security RMF Technical Controls Assessor include:
Conduct custom penetration testing scoped to the Federal Information Security Modernization Act (FISMA) systems’ unique environment and role based on the controls, schedule, and resources concurrent with the Information System
Write final reports and defend all findings, including the risk or vulnerability, mitigation strategies, and references
Conduct internal penetration testing and vulnerability assessment of servers, web applications, web services, and databases
Manually exploit and compromise operating systems, web applications, and databases
Examine results of web/OS scanners, scans and static source code analysis
As needed, provide Penetration Testing, Vulnerability Scanning, and App Scanning using tools such as: Burp, Splunk, Nessus, SIH (Tripwire), AppDetective, WebInspect, Metasploit
Develop Penetration Testing Rules of Behavior (RoB) and deliver to team and clients
Understand how to create unique exploit code, bypass AV, and mimic adversarial threats
Help customer perform analysis and mitigation of security vulnerabilities
Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption
Work with the Assessor Lead to conduct the Authorization & Assessment (A&A) for the annual FISMA systems assessment
Establish the schedule and resources for the A&A of the annual FISMA systems assessments
Conduct verbal discussion/meeting to address progress of the A&A effort
Prepare and update various security documentation such as Systems Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), Risk Assessments, Privacy Impact Assessments (PIAs), and more
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Assist in preparing Security Assessment Plans (SAP) to document test and assessment procedures
Collect artifacts as proof that security controls are performing effectively
Conduct custom interviews based on initial analysis of the system’s security plan to assess compliance with security controls
Conduct system specific review and assessment of applicable controls at each site to be assessed, including and remote assessments (if applicable)
Conduct FISMA systems Continuous Monitoring implementation and assessment
Validate inventories for the annual FISMA system’s assessments
Gather and analyze sufficient artifacts to verify technical control implementation against agency security policies
Review relevant policies, schedule activities, and provide recommendations for courses of action
Complete comprehensive test plans for identified security controls following National Institute of Standards and Technology (NIST 800-53), Federal Risk and Authorization Management Program (FedRAMP) guidance, and/or agency-specific guidance
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence)
Produce complete, accurate, and timely findings reports
Develop documents and document templates
Promote an environment of continuous process improvement, learning and team collaboration
Requirements
Qualifications and Skills
Must be a United States citizen
Two (2) or more years of experience with penetration testing preferred
Two (2) or more years of experience in technical controls assessments preferred
Two (2) or more years of experience with RMF preferred
Two (2) or more years of experience with A&A preferred
Must have hands-on technology experience (Engineering, Development, or Operations)
Strong familiarity with at least one of the following: Burp Suite, Open Web Application Security Project (OWASP) top 10, Penetration Executive Standard (PTES), and National Security Agency (NSA) Vulnerability and Penetration Testing Standards
Familiarity with the Cyber Security Assessment and Management (CSAM) System for system assessments, or other equivalent tools
Previous experience with security and scanning tools such as Burp Suite, NMAP, Splunk, Nessus, SIH (Tripwire), AppDetective, WebInspect.
Knowledgeable in information security and assurance principles and associated supporting technologies
Flexibility to adapt to contingencies resulting from changes or modifications to the schedule and assessment requirements.
Excellent customer service and organization skills
Excellent oral and written communication skills
Experience in presenting control requirements and deficiencies to both technical and non-technical audiences
Benefits
One or more of the following certifications preferred:
o Offensive Security Certified Professional (OSCP)
o GIAC Security Leadership (GSLC)
o GIAC Penetration Tester (GPEN)
o GIAC Web Application Penetration Tester (GWAPT)
o Certified Information Systems Security Professional (CISSP)
o Certified Ethical Hacker (CEH)
o Other Penetration Testing certifications