Senior Cybersecurity Penetration Tester Security Clearance

Position: Senior Cybersecurity Penetration Tester with Security Clearance
ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™ ASRC Federal is actively hiring a Senior Cybersecurity Penetration Tester in support of our Defense Counterintelligence Security Agency (DCSA) program based out of Quantico VA.

Remote flexibility available! Telework offered with a requirement to be onsite up to two (2) days a week at Quantico Marine Corps Base VA. Position

Description:

The Cybersecurity Penetration Tester is a hands-on technical role responsible for conducting simulated attacks on systems and networks to identify vulnerabilities and weaknesses that could be exploited by malicious actors. This role requires a deep understanding of security principles, hacking techniques, and attack methodologies. The Penetration Tester will plan, execute, and document penetration tests, provide recommendations for remediation, and contribute to the overall improvement of the organization's security posture.

Minimum Requirements:

* Minimum of 5 - 7 years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures.
* Proven experience conducting penetration tests of web applications, networks, and other systems.
* Experience with a variety of penetration testing tools and techniques (e.g., Rapid7 Nexpose, Appspider Pro, Metasploit, Cobalt Strike and/or Burp Suite).
* Active Top-Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI
* Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related field.
* Must meet 8570 certification requirements at the time of hire. IAT II Information Assurance Baseline (e.g., CASP+ CE, CCMP Security, CISA, CISSP, GCED, GCIH, Security+ CE or CCSP) In addition to the IA baseline, a CSSP Auditor cert is preferred (e.g., CEH, CySA+, CISA, GSNA, CFR or Pen Test) Responsibilities:
* Penetration Testing:
* Conduct penetration tests of web applications, mobile applications, networks, cloud environments, and other systems.
* Utilize a variety of tools and techniques to identify vulnerabilities, including SQL injection, cross-site scripting (XSS), buffer overflows, and other common attack vectors.
* Perform reconnaissance to gather information about target systems and networks.
* Develop and execute exploit code to demonstrate the impact of identified vulnerabilities.
* Bypass security controls and evade detection.
* Vulnerability Assessment:
* * Perform vulnerability assessments using automated scanning tools and manual techniques.
* Analyze scan results to identify false positives and prioritize vulnerabilities.
* Develop custom scripts and tools to automate vulnerability assessment tasks.
* Reporting and Documentation:
* * Document all findings in detailed and comprehensive reports, including descriptions of vulnerabilities, methods used to exploit them, and recommendations for remediation.
* Present findings to stakeholders, including technical teams and management.
* Create and maintain documentation on penetration testing methodologies, tools, and techniques.
* Remediation Support:
* * Provide guidance and technical assistance to system owners and developers on vulnerability remediation.
* Validate remediation efforts to ensure that vulnerabilities have been properly addressed.
* Conduct retests to verify the effectiveness of implemented security controls.
* Research and Development:
* * Stay up-to-date on the latest security threats, vulnerabilities, and attack techniques.
* Research and evaluate new penetration testing tools and methodologies.
* Develop custom tools and scripts to enhance penetration testing capabilities.
* Contribute to the development of security policies and procedures.

* Collaboration:

* * Collaborate with other cybersecurity professionals, including security architects, incident responders, and security engineers.
* Share knowledge and expertise with team members.
* Participate in security…