Penetration Tester

Penetration Tester - Intermediate

Under general supervision, perform penetration testing of applications, systems, and network enclaves to identify security weaknesses and vulnerabilities. Assess enterprise systems using offensive cybersecurity techniques and provide actionable recommendations to reduce risk and improve the organization's overall cybersecurity posture.

Conduct application, network, and wireless penetration testing in accordance with approved methodologies and rules of engagement.

Identify security flaws in computing platforms, applications, and network architectures and develop mitigation strategies to address identified risks.

Apply offensive cybersecurity testing techniques, including manual and automated testing methods.

Coordinate penetration testing activities and schedules with internal stakeholders, system owners, and external partners as required.

Perform network vulnerability assessments and exploitation testing across on-premises and enclave-based environments.

Execute wireless security assessments, including identification of rogue access points and insecure configurations.

Analyze test results and document findings, including severity, impact, and recommended remediation actions.

Prepare and deliver technical assessment reports and briefings to leadership and technical teams.

Support compliance-driven testing efforts, including PCI DSS and other applicable security standards.

Contribute to continuous improvement of enterprise cybersecurity posture through lessons learned and testing feedback.

Secret – IT-II (Tier 3) Non-Critical Sensitive Clearance

Possess a certification in penetration testing, such as:

• Licensed Penetration Tester (LPT)
• Certified Expert Penetration Tester (CEPT)
• Certified Ethical Hacker (CEH)
• Global Information Assurance Certification Penetration Tester (GPEN)

Minimum of 3 years of demonstrated experience performing vulnerability assessments and penetration testing.

Minimum of 2 years of experience conducting network vulnerability assessments and penetration testing methodologies.

Two Years experience with testing tools including NESSUS, METASPLOIT, CANVAS, NMAP, Burp Suite and Kismet.

Minimum of 1 year of experience authoring formal penetration testing or security assessment reports.

Minimum of 2 years of experience using, administering, and troubleshooting Linux operating systems.

Minimum of 2 years of experience using, administering, and troubleshooting Windows Server or Linux servers, including IIS or Apache.

Proficiency with penetration testing and assessment tools, including Nessus, Metasploit, CANVAS, Nmap, Burp Suite, and Kismet.

Strong understanding of TCP/IP protocols, networking concepts, and network architectures.

Knowledge of open security testing standards and projects, including OWASP.

Understanding of PCI DSS testing requirements.

Knowledge of database, application, and web server design and implementation.

Experience with wireless LAN security testing methodologies and tools.

Experience scripting in one or more of the following languages: Perl, Python, Ruby, Bash, or Java.

Demonstrated written documentation and oral presentation skills.

Ability to clearly communicate technical findings to both technical and non-technical audiences.