Role & seniority: Senior Penetration Tester

Stack/tools: NESSUS, METASPLOIT, CANVAS, NMAP, Burp Suite, Kismet; TCP/IP; Windows Server (IIS); Linux; PCI DSS testing; OWASP; databases and web server design

Top 3 responsibilities

Conduct application, network, and wireless security assessments and penetration testing
Apply offensive testing techniques and coordinate projects with internal/external owners
Identify cybersecurity risks and recommend risk mitigation to improve enterprise posture; document findings

Must-have skills

6+ years in vulnerability assessment and penetration testing; 3+ years with listed testing tools
3+ years network vulnerability assessments and testing methods; 3+ years in testing assessment reports
2+ years Windows Server/IIS and Linux administration/troubleshooting; 2+ years PCI DSS testing
Certifications: LPT, CEH, GPEN, CEPT or similar; scripting in Perl/Python/Ruby/Bash/Java
DOD SECRET clearance and eligibility for IT-I Critical Sensitive/T5
Knowledge: TCP/IP, OWASP, open security testing standards; wireless security testing

Nice-to-haves

Bachelor’s degree; wireless LAN security testing experience
Location & work type: Location not specified; contingent upon award of contract; likely full-time/contract with eligibility for high-level security clearances.

Full Description

Overview

Please note that this position is contingent upon the successful award of a contract currently under bid. Global in service but local in approach, Nisga'a Tek is committed to high-quality service to those who defend us. Nisga'a Tek ensures mission assurance and execution for customers and warfighters. Providing intelligence, IT, cyber security, training, logistics, administrative, acquisition, and background investigation services.

Summary

The Senior Penetration Tester will independently perform penetration testing of applications, systems and enclaves Identifies security flaws in computing platforms and applications and devise strategies and techniques to mitigate identified cybersecurity risks.

Responsibilities

Essential Job Functions

Performs application and network penetration testing and wireless security assessments.
Applies offensive cybersecurity testing techniques, coordinate testing projects with internal and external system owners.
Reports the nature of identified cybersecurity risks and recommends risk mitigation measures to improve the cybersecurity posture of the enterprise.

Qualifications

Necessary Skills and Knowledge

Knowledge of TCP/IP protocols and networking architectures
Excellent written documentation and oral presentation skills
Knowledge of open security testing standards and projects, including OWASP
Knowledge of databases, applications, and Web server design and implementation
Possess oral and written communication skills

Minimum Qualifications

Minimum six (6) years proven proficiency in performing extensive vulnerability assessment and penetration testing
Minimum three (3) years of experience with testing tools, including NESSUS, METASPLOIT, CANVAS, NMAP, Burp Suite, and Kismet
Minimum three (3) years of experience with network vulnerability assessments and penetration testing methods
Minimum three (3) years of experience with writing testing assessment reports
Minimum two (2) years of experience with using, administering, and troubleshooting a WINDOWS Server, IIS
Minimum two (2) years of experience with using, administering, and troubleshooting a major version of Linux
Minimum two (2) years of experience PCI DSS testing

Possess a certification in penetration testing, such as

Licensed Penetration Tester (LPT)
Certified Expert Penetration Tester (CEPT)
Certified Ethical Hacker (CEH)
Global Information Assurance Certification Penetration Tester (GPEN)

Senior Penetration Tester