Tier 1 Penetration Tester

Description

Job Description:

Department of Homeland Security (DHS), Security Operations Center (SOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication.

The DHS SOC Support Service Program has a critical need for a Penetration Tester. This is a full time funded position based in Washington DC.

PRIMARY RESPONSIBILITIES:
  • The DHS ESOC is responsible for pen testing resources and support for public facing sites as well as high value assets within the department.
  • Perform penetration tests on computer systems, networks and applications
  • Create new testing methods to identify vulnerabilities
  • The Pen Tester will establish a pen testing program for use throughout DHS
  • Search for weaknesses in common software, web applications and proprietary systems
  • Completes hands on pen testing capabilities
  • Communicates recommended solutions for addressing findings from a pen test


BASIC QUALIFICATIONS:
  • Bachelors' degree from an accredited college in a related discipline, or equivalent experience/combined education, with 8 to 12 years of professional experience; or 6 to 10 years of professional experience with a Masters' degree.
  • Must have a Secret Clearance with the ability to get TS/SCI. In addition to specific security clearance requirements all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
  • 2 years in Pen Testing and Vulnerability Assessment
  • 3 years of professional experience in incident detection and response, malware analysis, or cyber forensics.
  • Experience with any three of the seven tools listed :Kali Linux, Metaspoilt, Burp suite, Cobalt Strike, Tenable Nessus, Web Inspect, Scuba, or Appdetective
  • Must have one of the following Certifications: SANS, GPEN, GWAPT, GISF, GXPN, OSCP, OSCE, OSWP, OSEE, CISSP, CEH, Security +


Pay Range: