What are the responsibilities and job description for the PenTest 2 position at Waypoint Human Capital?
Position Title: PenTest 2
Position Type: Full-time, On-Site
Position Location: Chantilly, VA
Clearance: Active TS/SC w/ CI Poly
Waypoint’s client is seeking a Penetration Tester (PenTest) Level 2 to join their growing team. PenTest Level 2 is responsible for reviewing, evaluating, and enhancing the security posture of information systems through thorough testing and analysis. Pen Testers assess vulnerabilities, recommend improvements, and perform security-focused services to safeguard information assets. The role requires significant technical expertise and experience to effectively execute penetration testing activities.
Responsibilities:
Position Type: Full-time, On-Site
Position Location: Chantilly, VA
Clearance: Active TS/SC w/ CI Poly
Waypoint’s client is seeking a Penetration Tester (PenTest) Level 2 to join their growing team. PenTest Level 2 is responsible for reviewing, evaluating, and enhancing the security posture of information systems through thorough testing and analysis. Pen Testers assess vulnerabilities, recommend improvements, and perform security-focused services to safeguard information assets. The role requires significant technical expertise and experience to effectively execute penetration testing activities.
Responsibilities:
- Review and evaluate NRO information systems to identify vulnerabilities and recommend security enhancements to the Government.
- Perform penetration testing and red teaming activities to assess and improve the security posture of NRO information systems.
- Conduct threat hunting exercises to proactively identify potential security threats and weaknesses.
- Demonstrate strong understanding of network protocols, server and workstation operating systems, exploits, and vulnerabilities.
- Utilize penetration testing methodologies such as MITRE ATT&CK and OWASP to conduct thorough assessments.
- Employ common penetration testing tools, tactics, techniques, and procedures to identify and exploit security weaknesses.
- Research, develop, and maintain knowledge of penetration testing tools and techniques to stay current with emerging threats.
- Incorporate threat intelligence data into penetration testing scenarios to simulate real-world attack scenarios.
- Troubleshoot and resolve security issues with a strong attention to detail and problem-solving skills.
- Develop and maintain code using interpreted languages like Python, PHP, or Ruby for scripting purposes.
- Utilize simulated/emulated environments and virtualization technologies for testing purposes.
- Familiarity with orchestration tools and virtualization environments such as Docker and Kubernetes.
- Experience with industrial control systems deployment, security best practices, vulnerabilities, and penetration testing.
- Knowledge of ICD 503 and the Government's certification and accreditation process.
- Proficiency in configuring and supporting various operating systems including Windows, Linux, Unix, and Mac OS X.
- Experience with configuring and supporting virtualization platforms like VMware, Xen, and Hyper V.
- Participate in system certification activities and efforts related to system certification and accreditation.
- Collaborate with cross-functional teams to develop, integrate, and distribute information systems security tools and documentation.
- Ensure consistent security policy implementation through adherence to security procedures for systems and software.
- Provide technical project management support as needed.
- Bachelor's Degree or higher with 3 years of relevant experience, OR High School GED with 5 years, OR Associate's Degree with 4 years, OR Master's Degree or higher with 2 years.
- Degree in Engineering, Cyber Security, Computer Science, or related field of study is desired.
- Experience in performing Certification & Accreditation or Assessment & Authorization testing is preferred.
- Cyber security experience with emphasis on red teaming, penetration testing, or threat hunting.
- Strong understanding of network protocols, server and workstation operating systems, exploits, and vulnerabilities.
- Proficiency in penetration testing methodologies (MITRE ATT&CK, OWASP).
- Ability to utilize common penetration tools and incorporate threat intelligence data.
- Proficiency in troubleshooting, code reading/writing (Python, PHP, Ruby), and virtualization technologies.
- Experience with cloud environments, industrial control systems, and ICD 503/Government's certification process.
- Familiarity with system methodologies, software integration, and security procedures.
- Relevant education in computer engineering, information security, cyber security, or computer science.
- Experience in technical project management.
