Job Description
Description
The Senior Cyber Security Penetration Tester plans, communicates, coordinates and conducts security assessments for applications, systems and enterprise networks. The overall goal of the penetration tester is to proactively identify weaknesses and ensure that devices, applications, services, and systems are designed and implemented to the highest standards and remain resilient to modern threats.
The penetration tester pro-actively conducts engagements that simulate adversarial threats and attacks in a timely manner within approved scopes by taking the vulnerabilities out of the theoretical realm to truly demonstrate the risk with the use existing tools as well as self-created tools including but not limited to creating & customizing exploits and reversing binaries to find security vulnerabilities. The penetration tester helps with the design, development and recommendation of security solutions or new policies, standards and procedures.
Constant collaboration must be managed with various organizational partners including, but not limited to the blue teams, data owners, system owners & control owners to make sure the impact of the risk is understood and managed. The Senior Cyber Security Penetration Tester must establish an excellent trust relationship with the organization and with the cyber defenders to ensure acceptable levels of risk are always maintained for the organization.
Job responsibilities:
-
- Plan, communicate, coordinate and perform penetration testing, application testing, and security assessments at application, system and enterprise level
- Develop automation/scripts for replicating vulnerability validation and penetration tests
- Devise plans and scenarios for various types of penetration tests
- Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
- Experience with various testing tools, such as Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
- Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework, fuzzing, memory corruption and exploit development, etc.), network exploitation (e.g. VLAN hopping) or web application exploitation
- Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
Qualifications
- Active TS/SCI with Poly is required
- Bachelor’s Degree in Information Technology, Computer Science, Cybersecurity, Customer Security
- +6 years of Information Security Experience preferably in penetration testing, red teaming, reverse engineering and vulnerability management
- Professional Security Certifications such as (OSCP/OSCE-Offensive Security Certified Professional/Expert, GXPN-Sans GIAC exploit researcher and advanced Pen Tester, or CRTOP-Certified Red Team Operation Professional, etc).
- Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
- Experience with various testing tools, such as Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
- Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework, fuzzing, memory corruption and exploit development, etc.), network exploitation (e.g. VLAN hopping) or web application exploitation
- Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
Desired:- +2 years of experience within governmental sectors
- Prior experience or expertise performing Red team exercises
Overview
SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions.
We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability
