Position Title
Vulnerability Assessment Analyst and Penetration Tester
Work Location
Camp Pendleton, CA
Position Description
The Vulnerability Assessment Analyst and Penetration Tester is responsible for the delivery of continuous cyber assessments, solving complex technology problems, building tools, and identifying and influencing response to and mitigation of threats. Perform manual assessment of systems, services, and software; specializing in security issues beyond those identified by static analysis tools. The individual ensures services, applications, and websites are designed and implemented to the highest security standards. Responsible for application and hardware penetration testing, automating repetitive tasks using various scripting languages, mentoring, and leading other engineers to deliver complex penetration tests and vulnerability assessments. The individual will be expected to drive automation, tooling, efficiency, and advance the teams penetration testing capabilities. Responsible for creating threat mitigation plans.
Minimum Position Requirements:
Five years of hands-on penetration testing experience with operating systems, web applications, and network infrastructure. Administrator-level knowledge of Windows and Linux Server operating systems. Experience with operating system security. Competent with testing frameworks and tools, such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire. Knowledge of the functionality and capabilities of computer network defense technologies, including router Access Control Lists (ACLs), firewalls, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), antivirus/Endpoint Detection and Response (EDR), and web content filtering. Strong written and verbal communication skills, including the ability to explain complex technical topics to non-technical audiences. Possess one of the following certifications upon onboarding: Offensive Security Certified Professional (OSCP) Offensive Security Web Assessor (OSWA) GIAC Web Application Penetration Tester (GWAPT) GIAC Penetration Tester (GPEN) GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Offsec Experienced Penetration Tester (OSEP) Offsec Web Expert (OSWE) Obtain one of the following certifications within 9 months of onboarding: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)\Offsec Experienced Penetration Tester (OSEP)Offsec Web Expert (OSWE)Reports To
Assigned Program Manager
Security Clearance Requirements
Secret
Travel Requirements
Travel is anticipated to be 10% - 15% within the Continental United States and 5%-10% outside the Continental United States
Benefits & Compensation
New employees are eligible to participate in the company's benefits plan as follows:
Insurance Benefits (effective on date of hire):
Medical Insurance Vision & Dental Insurance Long Term & Short-Term Disability, Group Life and AD&D InsuranceFinancial Benefits (effective on date of hire):
Flexible Spending Account (FSA) Health Savings Account (HSA) 401(k) Savings Plan – 100% match for the first 3% contributed plus 50% of the next 2% contributed (no vesting period, eligible on date of hire)Paid Time Off:
Paid Sick Leave – Minimum of 40 hours per year (accrued at a rate of at least 1 hour per every 30 hours worked), available for use as accrued, in compliance with California's Healthy Workplaces, Healthy Families Act Paid Time Off (PTO) – 80 hours per year (accrued ratably throughout the year). Accrued and unused PTO will be paid out upon separation of employment in accordance with California law Paid Holidays – Eleven (11) per yearAdditional Benefits:
Professional Development Program Access to California State Disability Insurance (SDI) and Paid Family Leave (PFL) programsCompensation:
Salary will be determined based on the individual's education and experience levelNote: This summary is not intended to be a complete description of all benefits. Employees will receive detailed information about benefit plan terms, conditions, and eligibility during onboarding.
Note: These statements are intended to describe the general nature and level of work involved for this job. It is not an exhaustive list of all responsibilities, duties, and skills required of this job.
This Position Description does not constitute an employment contract, expressed or implied, nor does it guarantee any specific terms or conditions of employment. Nothing in this Position Description alters the at-will nature of employment Lumbee Holdings, Inc.
Read Less