Vulnerability Analyst and PenTester Lead - Mid

Sev1Tech is looking for a Vulnerability Analyst/PenTester Lead to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety.  The contract will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support.  Work will be executed in the National Capital Region, in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S and occasionally OCONUS.

Responsibilities include but are not limited to:

• Conduct Vulnerability Assessment scans for Headquarters and Subscriber systems and networks to identify potential computer security vulnerabilities, risks, and threats
• Operate, and maintain assessments and the resulting Vulnerability Assessment data and reports
• Support the NOSC enclave, HSEN, and Redundant TICs through the conduct of scheduled and ad-hoc vulnerability assessment scanning.
• Scanning shall include:
  • Host-based and vulnerability assessments
  • Network vulnerability assessments
  • Database vulnerability assessments
  • Web-based vulnerability assessments
  • Cloud-based vulnerability assessments
• Employ ad-hoc or emergency vulnerability scanning to support targeted incident investigation, escalation, and emergency response to security events in accordance with documented procedures
• Coordinate with Component security staff to explain findings, provide recommendations on mitigations, and advocate for mitigation of vulnerabilities
• Conduct High Value Asset assessments and penetration tests and conduct or assist with penetration tests as requested by Components, System Owners, Information System Security Managers, or Information System Security Officers in support of Security Controls Assessments, continuous monitoring, and FISMA requirements
• Provide penetration testing summary reports, in accordance with the signed Rules of Engagement (ROE) document, to the appropriate System Owner/ISSM/ISSO, Government lead, DHS Program Manager and document the findings
• Prepare and submit security testing Rules or Engagement (ROE) for High Value Assets (HVA), Internal & External Threat Assessments, prior to conducting penetration testing and ensure that the ROE provide the operational security controls to protect both the system and network

• BA or BS degree in Information Technology, Computer Science, or related degree
• At least five (5) years experience performing cybersecurity work
• At least four (4) years of experience providing vulnerability assessment and PenTesting services to federal customers
• Experience with host-based and vulnerability assessments; Network vulnerability assessments; Database vulnerability assessments; Web-based vulnerability assessments;and Cloud-based vulnerability assessments
• In-depth knowledge of security frameworks, standards, and best practices
• Proficiency in using security platforms and tools for assessment and testing purposes including some or all of the following:

  • Astra Security

  • Rapid 7/Metasploit Pro

  • Cobalt

  • GitHub Nikto

  • OWASP ZAP

  • Wireshark

  • OnSecurity

  • Tenable/Nessus

  • W3AF

  • NMap

  • BurpSuite

  • Qualys Cloud Platform

  • Kali Linux

• Working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common Internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)
• Strong analytical and problem-solving skills
• Excellent communication and collaboration abilities
• One or more of the following Certifications:
  • Certified Ethical Hacker (CEH)
  • Licensed Penetration Tester Master (LPT)
  • Offensive Security Certified Professional (OSCP)
  • GIAC Penetration Tester (GPEN) Certification
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Certification
  • CompTIA PenTest+

• Clearance Requirement: Public Trust clearance or higher; Public Trust clearance with Dept of Homeland Security (DHS) or Customs & Border Protection preferred

• DHS experience
• DoD and or Intel Community experience

Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country.

Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech

For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com

Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.