Cyber Penetration Tester – Primarily Remote! at ASRC Federal Holding Company #vacancy #remote

ASRC Federal Broadleaf Division is actively hiring a Penetration Tester in support of our DCSA program based out of Quantico VA. Remote flexibility available! This is primarily a Telework position with a requirement to be onsite up to two (2) days a week. ASRC Federal is seeking a Penetration Tester, who will provide broad and in-depth knowledge to conduct offensive cyber operations across the organization. In this role, they will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective, and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques.

BASIC QUALIFICATIONS: Candidates should demonstrate a detailed knowledge the following: Conduct highly complex offensive security operations testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures Experience in offensive security, with the ability to think like an adversary Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networks Strong experience in operating system and application security hardening and best practices Strong investigative mindset with an attention to detail Experience with multiple operating systems to include Windows, Mac OS, Unix/Linux, and mobile platforms Experience conducting assessments for solutions consisting of a variety of technology stacks and architectural implementations, hosting providers and tools e.g., Rapid7 Nexpose, Appspider Pro, Metasploit or Cobalt Strike / Core Impact. Exposure and understanding of enterprise solutions from a functional and security perspective #Broadleaf Requirements: YEARS EXPERIENCE: At least two (2) years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures. EDUCATION REQUIREMENTS: Bachelor’s Degree, or equivalent experience in Cybersecurity, and/or Information Systems Management, Information Technology CERTIFICAITON(S): Must meet 8570 certification requirements at the time of hire. IAT II Information Assurance Baseline (e.g., CASP+ CE, CCMP Security, CISA, CISSP, GCED, GCIH, Security+ CE or CCSP) In addition to the IA baseline, a CSSP Auditor cert is preferred (e.g., CEH, CySA+, CISA, GSNA, CFR or PenTest) CLEARANCE LEVEL: Active Top-Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI WORK ENVIRONMENT AND PHYSICAL DEMANDS: This is primarily a Telework position with a requirement to be onsite up to two (2) days a week. If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection. Must speak English well enough to communicate complex technical ideas to a diverse customer both verbally and in written form. ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.

remote work Information technology (IT) internet-connection penetration-testing

Leave a Reply