Penetration Testing - Mid-Level/Senior
EnDyna Inc · McLean, VA · 1 wk ago
HybridQuality AssuranceContract
Position Responsibilities
- Conduct advanced penetration testing, security assessments, vulnerability analysis, exploitation activities, technical reporting, and cybersecurity consulting supporting Federal audit activities.
- Perform cybersecurity assessments including: penetration testing, network penetration testing, web application penetration testing, cloud security assessments, wireless security assessments, mobile application testing, container security assessments, AI system security assessments, phishing and social engineering assessments, information gathering and reconnaissance, enumeration of hosts, services, operating systems, applications and network devices, identification of vulnerabilities and attack paths, exploitation of vulnerabilities using approved methodologies, post-exploitation activities, demonstration of persistence techniques, evaluation of data access and exfiltration opportunities, validation of remediation activities.
- Analyze vulnerability scan results, correlate findings from multiple tools, eliminate false positives, prioritize vulnerabilities based upon risk, map findings to NIST, CVE, OWASP and Federal guidance, develop mitigation recommendations.
- Prepare professional technical documentation including: rules of engagement review, attack confirmation lists, penetration testing reports, executive summaries, technical findings, risk analyses, recommendations, supporting evidence, screenshots, logs, testing artifacts.
- Participate in planning meetings, conduct entrance conferences, present technical findings, participate in status briefings, explain vulnerabilities to both technical and executive audiences, support audit teams throughout engagements.
- Provide cybersecurity expertise supporting OIG auditors by: performing vulnerability scans, analyzing scan results, advising auditors on security findings, supporting remote assessments, participating in technical discussions.
Required Qualifications
- Mid-Level: Bachelor's degree in Cybersecurity, Computer Science, Information Technology or related field; 4+ years of penetration testing experience; experience performing network and web application penetration testing; experience with vulnerability assessment tools; knowledge of TCP/IP networking; understanding of Windows and Linux operating systems.
- Senior Level: Bachelor's degree (Master's preferred); 8+ years of penetration testing experience; experience leading penetration testing engagements; advanced exploitation experience; experience with cloud environments; experience mentoring junior testers; strong technical writing skills.
Desired Technical Skills
- Experience With: Burp Suite Pro, Nmap, Nessus, Metasploit, Kali Linux, Wireshark, BloodHound, Impacket, CrackMapExec, PowerShell, Python, Azure, AWS, Docker, Kubernetes, Active Directory, Microsoft Entra ID, Wireless testing tools.
Preferred Certifications
- One or more of: OSCPO, OSCE, OSCEPG, PNE, PNPT, CRTO.
Desired Knowledge & Experience
- NIST SP 800-115, OWASP Testing Guide, MITRE ATT&CK, CVSS, Federal cybersecurity environments, FISMA, FedRAMP.