PENETRATION TESTER: Senior and Expert Levels
Location: Chantilly, VA US
Security Clearance Requirement: TS/SCI with Full Scope Polygraph
Clearance Status: Must be Current JOB DESCRIPTION:
Inferno Systems is currently looking for Penetration Tester positions with a minimum of 7+ years experience conducting technical security and/or vulnerability assessments. Please note the security clearance requirement above: candidates MUST have a current/active TS/SCI with Full Scope Poly to be considered. JOB SUMMARY: We are looking for Penetration Testers whose work will directly impact U.S. policymakers, military officials and law enforcement agencies. You should be able to use sophisticated techniques to identify vulnerabilities, exploit them, and gain and maintain access to targets. You will be performing offensive-like vulnerability assessments against network systems and IT infrastructure. You will identify weaknesses and recommend mitigation steps. You will draft assessment reports for review by senior management to implement your recommendations. You will be digging into hard problems by performing assessments on novel network devices, unique networks and hard targets. You will need to use a wide variety of skills to be able to demonstrate exploiting vulnerabilities and ensuring mitigation steps close the holes you find. REQUIRED SKILLS:
• Solid understanding of networking, TCP/IP, virtualization and cloud/data center architecture.
• Understanding in cloud computing platform technologies such as AWS, Microsoft Azure, Google, cloud computing environment and cloud security.
• Demonstrated real world experience performing gray and black box penetration testing.
• Strong familiarity with some of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards.
• Understanding of basic IP fundamentals and how protocols work • Ability to inspect and analyze new applications and traffic flows with the capability of breaking down the interactions between network devices and clients.
• Experienced with network security technologies such as firewalls, proxies, iptables, AntiVirus (AV) products, Virtual Private Networks (VPNs) and Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS).
• Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open source exfiltration techniques.
• Proactive interest in emerging technologies and techniques related to penetration testing.
• Proven ability to perform computer network vulnerability assessment and penetration testing.
• Proficient in tools such as Nmap, Wireshark, Metasploit, Canvas, Kismet, Burp Suite, Kali Linuxetc. • Understanding of operating systems (MaxOS, Windows, Linux) and how clients/servers are built and secured.
• Ability to research, prioritize, problem solve, synthesize large amounts of data/information, and to work several tasks concurrently and with little supervision.
• Excellent interpersonal skills, sound judgment, and organizational/administrative skills.
• Ability to communicate and interact with diverse technical and non-technical groups. DESIRED SKILLS: • Malware analysis or digital computer forensics experience is a plus.
• Cyber related Law Enforcement or Counterintelligence experience.
• Existing Subject Matter Expert of Advanced Persistent Threats and Emerging Threats.
• Understanding of risk planning and mitigation strategies.
• Ability to prepare and present documents and briefing materials.
• Understanding of networking and networking components.
• Understanding the security implementation and setup for both system and networking functions, encryption methods.
• Understanding of cellular technology from device turn on to power off, network functions (SMS, MMS, Voice, Data) and cellular system functions.
• Understanding of wireless and RF technology. • Understanding and experience in conducting risk analysis, risk management, infosec, system testing and client structures. TECHNOLOGIES USED: Operating Systems:
• Microsoft Windows (7 - 10, Server )
• UNIX (Solaris, HP-UX, etc.,) Operating System versions
• Common Linux distributions including RHEL / CentOS / Rocky and Debian / Ubuntu
• OSX / iOS and Android
• VMware / ESXi / KVM / OpenVZ or other virtualized environments
• Linux variant Operating Systems versions
• BSD variant Operating Systems versions Software / Scripting:
• Java / C++
• Bash / Perl / Powershell / Python Database Administration and application development with:
• Oracle platforms
• SQL Server
• MySQL
• Hadoop Wireless:
• WiFi/WiMax/Bluetooth technology (hardware or core software)
• Wired telephony technology (hardware or core software)
• Mobile telephony technology (hardware or core software) Ubiquitous core network devices (switch/router/hub, hardware or core software):
• Cisco
• Juniper
• Common firewalls and security appliances Web Penetration Testing:
• Common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on limitations, etc. Tools:
• Proficiency in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, IPTables, Sysinternals, A/V evasion methodologies, exploit development. Certifications:
• Advanced GIAC and/or (ISC)2 network/cyber security specialties such as OSCP, OSCE, GPEN, GWAPT, GPEN, GXPN, CEH, CISSP.
Read Less
