By providing the information below and checking the boxes referenced, you acknowledge and consent to SAIC's Privacy Policy to include access and use of your information for the purposes of sharing your information for possible employment recruitment effects by SAIC and it's third party vendors. For further information, see SAIC's privacy policy
Join our Talent Network >
Back to Search Results >
Previous Opportunity > Next Opportunity >

Senior Penetration Tester

This job posting is no longer active.

Job ID: 2012737
Location: BETHESDA, MD, United States
Date Posted: Nov 3, 2020
Category: Cyber
Subcategory: Cyber Eng/Archt
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: TS/SCI with Poly
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: No
Benefits: Click here

Share: mail

HEAR FROM SAIC CHIEF SYSTEMS ENGINEER

Job Description

Description

The Senior Cyber Security Penetration Tester plans, communicates, coordinates and conducts security assessments for applications, systems and enterprise networks. The overall goal of the penetration tester is to proactively identify weaknesses and ensure that devices, applications, services, and systems are designed and implemented to the highest standards and remain resilient to modern threats.


The penetration tester pro-actively conducts engagements that simulate adversarial threats and attacks in a timely manner within approved scopes by taking the vulnerabilities out of the theoretical realm to truly demonstrate the risk with the use existing tools as well as self-created tools including but not limited to creating & customizing exploits and reversing binaries to find security vulnerabilities. The penetration tester helps with the design, development and recommendation of security solutions or new policies, standards and procedures.


Constant collaboration must be managed with various organizational partners including, but not limited to the blue teams, data owners, system owners & control owners to make sure the impact of the risk is understood and managed. The Senior Cyber Security Penetration Tester must establish an excellent trust relationship with the organization and with the cyber defenders to ensure acceptable levels of risk are always maintained for the organization.

Job responsibilities:

    • Plan, communicate, coordinate and perform penetration testing, application testing, and security assessments at application, system and enterprise level
    • Develop automation/scripts for replicating vulnerability validation and penetration tests
    • Devise plans and scenarios for various types of penetration tests
    • Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
    • Experience with various testing tools, such as Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
    • Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework, fuzzing, memory corruption and exploit development, etc.), network exploitation (e.g. VLAN hopping) or web application exploitation
    • Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement

Qualifications

  • Active TS/SCI with Poly is required
  • Bachelor’s Degree in Information Technology, Computer Science, Cybersecurity, Customer Security
  • +6 years of Information Security Experience preferably in penetration testing, red teaming, reverse engineering and vulnerability management
  • Professional Security Certifications such as (OSCP/OSCE-Offensive Security Certified Professional/Expert, GXPN-Sans GIAC exploit researcher and advanced Pen Tester, or CRTOP-Certified Red Team Operation Professional, etc).
  • Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
  • Experience with various testing tools, such as Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
  • Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework, fuzzing, memory corruption and exploit development, etc.), network exploitation (e.g. VLAN hopping) or web application exploitation
  • Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
              Desired:
              • +2 years of experience within governmental sectors
              • Prior experience or expertise performing Red team exercises


              Overview

              SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.

              Share: mail
              Quick Links
              ×

              During this time, SAIC continues to hire key talent. As we adopt new ways of supporting our business and customers, our company has implemented various flexwork options, as well as virtual hiring processes and online events in compliance with social distancing guidelines. These virtual strategies protect our existing and future team members, while enabling us to keep the security and defense of our nation in focus.

              For more information about joining our team, visit our Frequently Asked Questions (FAQs) page: SAIC COVID-19 Response »