Penetration Tester Security Clearance

Position: Penetration Tester with Security Clearance
Job Description Are you a problem solver? Do you like complex, challenging puzzles? This position involves a blending of several disciplines to include, but not limited, penetration testing, reverse engineering, and code/script development. In this role, you will apply your talents to reverse engineer executables to identify flaws and create and operationally test exploits to take advantage of an identified vulnerability or zero days.

The Air Combat Command's 67th Cyberspace Wing (67 CW), 346th Cyber Test and Evaluation Squadron (346 CTES), executes, and contributes as both an operational and participating test organization in a full array of operational tests of various cyber weapons in coordination with the 318 Range Squadron (318

RANS) who provides instrumented cyber range services, through both physical hardware and virtual systems. In support of this mission, ANALYGENCE is seeking a Penetration Tester (PT) to conduct assessments of threats and vulnerabilities; determine deviations from acceptable configurations, enterprise, or local policy; assess risk levels; and recommend/develop appropriate mitigation countermeasures in operational and nonoperational situations. The PT also performs assessments of systems and networks within the network environment or enclave and identifies where they deviate from acceptable configurations, enclave policy, or local policy and measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Responsibilities include:

* Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives

* Analyze software applications to gain an understanding of the system, mission and or application vulnerabilities and exploits

* Develop exploits for exposed vulnerabilities with a focus on non-interference of mission partner systems and networks

* Conduct and/or support authorized penetration testing on enterprise network assets

* Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions

* Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing

* Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions

* Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews)

* Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications)

* Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes)

* Position requires travel up to 25% supporting customer assessments up to 1-4 weeks in duration. Requirements
* Current Top Secret clearance with SCI eligibility.

* Bachelor's degree in a related field and a minimum of 8-12 years of experience providing related penetration testing services.

* IAT Level III certification required ( CASP, CISSP+, CISA, etc.).
* Experience with computer networking concepts and protocols, and network security methodologies.

* Understanding risk management processes (e.g., methods for assessing and mitigating risk), laws, regulations, policies, and ethics as they relate to cybersecurity and privacy, cybersecurity and privacy principles, cyber threats and vulnerabilities, specific operational impacts of cybersecurity lapses and application vulnerabilities.

* Knowledge of cryptography and cryptographic key management concepts, data backup and recovery, host/network access control mechanisms (e.g., access control list, capabilities lists).

* Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

* Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML), how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

* Knowledge of programming language structures and logic, system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

* Knowledge of systems diagnostic tools and fault identification techniques and what constitutes a network attack and a network attack's relationship to both threats and…