Penetration Tester (Active Secret)

ASRC Federal Vistronix (ASRC Federal) is actively seeking a Penetration Tester with an active Secret clearance to join our Denver-based team and provide cybersecurity analysis and support services for internal and external-facing networks for our federal customer. This role is a remote position but may require occasional travel to the client site.

Key Role :

• The successful candidate will have a solid understanding of Federal security regulations and controls and provide support to the Division of Cybersecurity, working directly for the Cybersecurity Operations Branch Chief on all matters, technical and otherwise, involving the security of information systems.

• Conduct security audits and formal penetration tests by designing and utilizing hacking tools to access designated pieces of data during a predetermined time frame.

• Assess the security of computer software and hardware and provide remediation advice.

• Understand and safely use various open source penetration testing tools and when appropriate, emulating hacker tactics, techniques, procedures.

• Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results.

• Estimated work load is 1-3 assessments per month, consisting of a 1-2-week assessments including report writing.

• While in-between assessments, expected to improve any existing processes, develop tools, and potentially find new vulnerabilities.

• Develop scripts, tools, or methodologies to enhance penetration testing processes.

• Robust creativity and problem-solving skills.

• Knowledge of technical systems and terminology.

• Advanced written and verbal communication skills.

• Web application penetration testing.

• Source code vulnerability analysis.

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. This position is offering a pay range of $105k - $110K depending on experience, seniority, geographic locations, and other factors permitted by law. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

Requirements :

Basic Qualifications:

• Bachelors or Masters degree in Mathematics, Computer Engineering, Cybersecurity or Computer Science.

• 10+ years related experience in lieu of degree is acceptable.

• Demonstrated proficiency in network fundamentals including topologies, TCP/IP and OSI model layers and protocols.

• Experience with network mapping and reconnaissance tools, network data flows, metadata and traffic analysis.

• At least ten years of general Cyber Security experience, with four-plus years of experience in Penetration Testing.

• Must have a Secret clearance.

Preferred Qualifications:

• Demonstrated knowledge of penetration testing tools and techniques.

• Intermediate level experience working with Linux, OS X, UNIX and Windows operating systems.

• Experience working in a Blue, Red or Purple Team environments (platforms and tools) is preferred

• Experience with OLTP and OLAP schemas.

• Expert knowledge of Routers, Switches, Firewall, and associated Network packet analysis.

• Expertise and understanding of Hacker tactics, techniques, and procedures (TTPs).

• Experience with toolsets such as BurpSuite, Shodan, Maltego, Wireshark, Metasploit, tcdump, NMap, Nessus, BackTrack, Snort, ARCGIS, SIEM, BeEF, RPIER.

• Knowledgeable in Offensive and Defensive countermeasures.

• Experience complying with various IEEE software standards a plus.

• Knowledge of wide range of basic communications media concepts and terminology (e.g., computer and telephony networks, wireless, satellite, cable).

• Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.).

• Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networks with Multi-Factor Authentication exploitation experience a plus.

• Experience working with a wide range of both technical and non-technical personnel, including business sponsors, product owners, government project managers, development teams, and end users at all levels of the organization.

• Ability to write reports, business correspondence and Root Cause analysis.

• Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.

• Ability to interpret compiled programming languages (command line interface, BASH scripting, and any of the main programming languages (Python, the C family, Angular, etc.).

• Strong working knowledge of cyber security and a willingness to learn new concepts.

• Experience analyzing audit log reports for security vulnerabilities.

• Computer Security certificates, such as CISSP, CISSA, CISM, CompTIA Security+, Certified Ethical Hacker (CEH), highly desired.

• Scripting knowledge is a plus (e.g. Python, Shell, WMI, etc).

• Incident analysis/handling or security certification such as GCIA, GCIH, CEH, Security+ is a plus.

• Experience in a SOC/CSIRT environment is a plus.

• Experience with IPS/IDS, Malware, Proxy, and other security systems is a plus.

• Experience working in an ITIL environment is a plus.

• Ability to manage and balance own time among multiple tasks and lead junior staff when required.

ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.