Penetration Tester (Red Team)
US-DC-Washington, D.C.
Careers (External)
Req #: 6572
Type: Full-Time
|
|
|||||||||||
|
||||||||||||
Overview: GovCIO is currently hiring for a Penetration Tester with an active TS/SCI clearance in Washington, DC (4 days onsite, 1 day remote). Responsibilities: * Conduct penetration testing of computer systems, cloud-based systems, networks, and web-based applications, software assurance, and vulnerability assessments * Identify security weaknesses, document findings, and provide recommendations to improve security * Identify root causes of many common vulnerabilities including buffer overflows, SQL injection, cross-site request forgery (CSRF), stored/reflective cross-site scripting (XSS), race-condition (TOCTOU), XML External Entity (XXE), encryption weaknesses, authentication bypass, and others * Identify and address security implications during software acceptance activities, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing * Apply defense functions (e.g., encryption, access control, identity management) to reduce exploitation opportunities due to potential supply chain vulnerabilities * Provide threat intelligence and vulnerability research using NIST 800-53 CSF and MITRE ATT&CK Framework for decision making in cloud security architecture enhancements for testing and production environments * Develop new testing methods to identify vulnerabilities Qualifications: * Bachelor's with 12+ years of cybersecurity experience (or commensurate experience) * Clearance Required: Active TS/SCI clearance
Share this job:
