Lead Penetration Tester

Job Description

Description

SAIC is looking for a Lead Penetration Tester to serve as Red Team Lead and will be responsible for developing and simulating real-life cyber attacks with the goal of helping organizations improve their security posture.

This is a highly technical hands-on role that will utilize knowledge/experience in operating systems, system administration and creativity skills. This role also requires the qualified candidate to lead other penetration testing team members and serve as the point of contact during customer enagagements.

• Conduct host/network/application penetration testing as a member of a technical team

• Perform full-scope penetration tests (discovery and exploitation of vulnerabilities) on live network infrastructure, services, Active Directory environments, and other systems/applications

• Able to test, identify and exploit trust, misconfigurations and vulnerabilities in live MS Active Directory environments without getting detected by advanced commercial security solutions

• Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)

• Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)

• Able to write scripts in PowerShell, bash and a preferred scripting language

• Research and formulate recommendations for vulnerabilities found during assessments

• Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.

• Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws

• Develop proof-of-concept examples and scenarios for reports and live demonstrations

• Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and team members

This opportunity is contingent upon award. 

Qualifications

Bachelors and nine (9) years or more experience; Masters and seven (7) years or more experience; PhD and four (4) years related experience.

  Required Skills:

- Active TS/SCI or Q Security Clearance

-Must be US Citizen

Active CISSP Certification Other certificaitons: OSCP, GPEN, CEH, Security+

Conduct host/network/application penetration testing as a member of a technical team 

Perform full-scope penetration tests (discovery and exploitation of vulnerabilities) on live network infrastructure services, Active Directory environments and other systems/applications

  Lead/coordinate customer engagements.  

Serve as primary point of contact and ensure the documentation and collection of documents such as rules of engagement prior to active testing. Able to test, identify and exploit trust, misconfigurations, and vulnerabilities in live MS Active Directory environments without getting detected by advanced commercial security solutions 

Test the exploitation of security policies and access controls in restricted/secure environments e.g. GPO bypass, privilege escalation, and A/V evasion) 

Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell) 

Able to write scripts in PowerShell, Bash, and a preferred scripting language 

Research and formulate recommendations for vulnerabilities found during assessments 

Employ extensive use of Microsoft Office main tools: Word, Excel< PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc. 

Able to present, demonstrate, explain, and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws 

Develop proof-of-concept examples and scenarios for reports and live demonstrations 

Create/document tactics, techniques, and procedures (TTP) to train and expand/share knowledge with customers and team members  

Preferred Skills:

Able to review, modify and develop programs or scripts in Assembly, C++, C#, VBS, Python, Perl, Ruby, PowerShell, Bash, JavaScript, Java, PHP and other languages to exploit systems/applications, analyze data, configure systems and automate tasks 

Review custom applications source code for security flaws and vulnerabilities

  Able to test, identify and exploit vulnerabilities in web applications without the use of scanning tools Should have general knowledge and familiarity with NIST SP 800-37

Risk Management Framework (RMF) as penetration testing may be used as part of the verification process. 

 Able to support general RMF activities.

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.

We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.1 billion. For more information, visit saic.com.