Exploitation Analyst/Penetration Tester
About the position

As a Penetration Tester, you will play a crucial role in proactively discovering vulnerabilities in systems and on the Department of Veterans Affairs networks. Your primary focus is completing time-based penetration tests to support the Authority to Operate (ATO) approval process for System Owners.

Responsibilities
• Perform penetration testing against various systems, which may include web applications, databases, web services, network devices, operating systems, cloud installations, and infrastructure (hardware) devices.
• Utilize a variety of industry standard security tools to conduct manual-based security assessments.
• Review new vulnerabilities as they are published and develop impact assessments.
• Determine risk from vulnerabilities based on availability of exploit and potential loss of information and IT services capabilities.
• Produce periodic trending and impact reports as required.
• Generate reports (automated and manual) based on results from assessments and explain in detail to customers.
• Develop new testing techniques and programs to support the Penetration testing team.
• Manage and maintain hardware and software with an ability to provide infrastructure maintenance support to attack systems.
• Knowledge and experience with processes and procedures relating to information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.
• May be required to work outside normal duty hours to perform assessments on certain systems.

Requirements
• Bachelor's degree (8 years of additional relevant experience may be substituted for education)
• 1-4 years of experience in IT functions like network administration, engineering, or security
• 1 year of experience supporting offensive cybersecurity roles
• Experience with the following:
  • Support Windows, Unix, and Linux operating systems
  • VMWare
  • Kali Linux Suite
  • Nessus Scanner (Tenable)
  • RedHat Enterprise Linux
  • NMAP
• Ability to conduct scripting in bash and PowerShell

Nice-to-haves
• OSCP
• PNPT
• Pentest+
• CISSP
• CEH

Benefits
• Traditional and HSA-eligible medical insurance plans w/ Wellness Incentives for employees and family
• 100% employer-paid dental and vision insurance options
• 100% employer-sponsored STD, LTD, and life insurance
• Veterans Cohort
• Gym membership reimbursement
• 401(k) matching
• Dollar-for-dollar 501(c)(3) donation matching
• Flexible schedules and teleworking options
• Paid holidays and Flexible Paid Time Off
• Adoption Expense Reimbursement
• Paid Parental Leave
• Professional development and career growth opportunities and paid training days
• Employer-sponsored Employee Assistance Program for employee and family
• Team and company-wide events, recognition, and appreciation