Vulnerability Tester

Where applicable, confirmation that you meet customer requirements for facility access which may include proof of vaccination and/or attestation and testing, unless an accommodation has been approved. Secure our Nation, Ignite your Future Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement. Currently, ManTech is seeking a motivated, career and customer-oriented Vulnerability Tester to join our team in Washington, DC. Job Title: Vulnerability Tester ManTech is searching for a vulnerability tester to support a travel team. This position will primarily support the Judicial Branch of the United State Government to conduct testing of IT assets but will also support Treasury and Federal Reserve IT security assessments. All testing will include scanning the environment or application, gathering and aggregating testing data for trends analysis, developing and maintaining documentation to support the testing process, and actively working to ensure the testing process aligns with industry and Judiciary requirements. The testing is intended to identify all security risks affecting a system at a point in time by testing the effectiveness of implemented technical controls, and by testing for known vulnerabilities. The results of each test will include actionable recommendations that could be leveraged to either remediate or sufficiently mitigate the risk to an acceptable level. Responsibilities: Manage technical testing team to conduct tests of IT assets. Conduct security testing of IT assets, web applications, infrastructure assets and technologies, mobile applications, custom developed software implementations, virtual technologies, COTS products, cloud implementations, common application platforms, and other technologies connecting to or interacting with the Judiciary, Treasury, or Federal Reserve network. Develop and maintain a repeatable methodology for performing security testing that includes threat modeling, mapping business requirements to the applicable security requirements, determine appropriate security controls, test scenarios and test cases. Review and scope to FedRAMP/NIST 800-53 documentation, when applicable. Conduct kick-off meetings and facilitate preparatory discussions. Develop Security Test Plans that include business context, risk categorization, scope information, and objectives. Perform security testing in accordance with an industry-proven, repeatable methodology, which will include the use of vulnerability detection tools as well as manual detection techniques. Perform security testing to evaluate the effectiveness of applicable security controls. Perform risk analysis of all vulnerabilities and other relevant factors of the boundary being tested and recommend an overall operational risk level. Map vulnerabilities to security controls and consolidate, where feasible. Use the centralized ticketing system for planning, coordinating, and tracking security testing milestones. Provide an Assessment Schedule to identify the testing resources based on tickets that are submitted. Maintain and use the centralized data repository for data entry, storage, reporting, for the analysis of testing data. Develop, maintain and use customized testing scripts (testing automation) for individual and team use. Conduct exit briefings and facilitate discussions about test results, and develop a test report that includes, at minimum, the scope, objectives, and results of the test effort. Meet with stakeholders to respond to ad-hoc questions, test findings, or other IT security related concerns throughout the testing process. Actively participate in team activities, to include recurring team meetings, process improvement discussions, and similar activities. Basic Qualifications: Bachelors 5 years of cybersecurity experience, or similar related experience as an assessor, system/network administrator, security testing experience. Possess one of the following certifications: GIAC Certified Incident Handler (GCIH) Certification, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA). Expertise leading technical teams and the ability to supervise the work of others and provide guidance in performing testing activities. Demonstrated experience performing technical testing using the following tools: Nessus, Burp Suite, NMAP, Wireshark. Experience with the following tools is desired: Kali, Appdetective, Scuba, Nipper, Python Demonstrate familiarity with Infrastructure scanning, Web Application scanning, Active Directory, Firewall/Network Device configuration, CIS Benchmarks. Expertise with manual techniques and automated tools in conducting testing of IT assets. Proficiency evaluating testing results to validate true-positives and rule-out false-positives. Strong communication skills, written and oral, to present highly technical information to non-technical audiences. Proficiency with MS Office, analytical and critical thinking skills, interpersonal and people skills, multitasking ability, organizational skills, and presentation skills to present identified vulnerabilities to technical and non-technical audiences. For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone. ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law. If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services. If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.