Principal Penetration Testing & Vulnerability Analyst (Secret Clearance Required) Partners Data Systems
Arlington, VA

Job Description

Since our founding in 2001, AIS has provided a supportive place to work for technologists to research, create and support mission critical cyber security solutions. We have built a reputation for hiring talented and motivated individuals in both our services and R&D organizations. We focus on growing and developing the skills of our employees to ensure that our organization continually provides strong support to keep pace with the needs of our customer base while keeping true to our hacker roots - the Jolly Roger flies proudly outside of our Rome, NY HQ.

Top Benefits Include:

* 401k Plan With 7% Company Contribution - Fully Vested Day 1
* 100 % Company Paid Health Insurance Premiums (Blue Cross/Blue Shield)
* 4 Weeks of Vacation + 10 Paid Holidays (several floating/flexible)
* Flexible Working Schedules

Daily Responsibilities:

* Lead Red Cell assessments
* Assess and enhance current processes for penetration testing and vulnerability assessment
* Recommend mitigation and remediation strategies based upon the class and category of vulnerability
* Performs Leadership Support and Penetration Testing on web and other applications, network infrastructure and operating system infrastructures.
* Briefs executive summary and findings to stakeholders to include Sr. Leadership
* Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
* Assesses the current state of the customer's system security by identifying all vulnerabilities and security measures.
* Helps customer perform analysis and mitigation of security vulnerabilities.
* Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
* Provide support to incident response teams through capability enhancement and reporting.
* Provide mentoring and guidance to junior, mid, and senior staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis.

Required Qualifications:

* Must possess eight (8) years of substantive IT knowledge including two (2) years of hands-on Penetration Testing experience and demonstrate hands-on expertise and/or training in areas of emerging technologies.
* Bachelor's Degree in a related field
* Must have experience leading a team of penetration testers/vulnerability analysts and lead security assessments including providing guidance and mentoring to junior, mid, and senior team members.
* Hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, risk assessments, secure coding practices or threat modeling.
* Strong skills in Network and Web based Penetration Testing and be able to conduct Penetration Tests using Automated and Manual Methods
* Understand common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
* Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
* Must have solid working experience and knowledge of Windows and Unix/Linux operating system
* Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
* Strong familiarity with OWASP top 10, PTES and NIST 800-53.
* Firm understanding of network and system architecture and analysis. Fundamentals of network routing & switching, vulnerability management, assessing network device configurations, and operating systems (Windows/*nix)
* CISSP or equivalent certification

Desired Qualifications:

* Ability to perform static and/or dynamic code review.
* Familiarity with Cloud solutions and how to test their security (Amazon Web Services, Microsoft O365 and Azure, Google Cloud, etc.)
* OSCP, GIAC, GPEN, GWAPT, or other penetration testing certification
* CEH