Penetration Tester Security Clearance

Position: Penetration Tester with Security Clearance
Job Description The Air Combat Command's 67th Cyberspace Wing (67 CW), 346th Test Squadron (346TS) plans, executes, and contributes as both an operational and participating test organization in a full array of operational tests of various cyber weapons in coordination with the 318 Range Squadron (318

RANS) who provides instrumented cyber range services, through both physical hardware and virtual systems. In support of this mission, Tharros has an immediate opportunity for a Penetration Tester who specializes in testing software systems - web apps, applications and databases, for security weaknesses before they can be exploited. In this role you will be responsible for performing security audits, risk assessments and analyses with adherence to DISA STIGs, NIST, and industry best practices;

duties to include vulnerability and compliance inspections to include, but not limited to scanning the network to identify active devices, fingerprint applications, operating systems and databases, identifying vulnerabilities, analyzing the results, manually verifying findings to eliminate false positives or negatives, capturing artifacts such as screen captures, etc., to provide evidence for each exploitable vulnerability, etc. Candidate must also be able to adequately "tell the story"of how the vulnerability was exploited and what the overall impact would be to particular hosts or networks.

Duties:
* Conduct vulnerability, compliance and in-depth penetration testing, on AF/DoD systems (i.e., Microsoft Windows and UNIX based platforms), Database Management Systems (DBMS) schemas (e.g., MS SQL Server, Oracle, Postgre

SQL, MySQL (Maria DB), Mongo DB, Sybase, IBM DB2, SQLite, Fire Bird, and Informix), Web servers (e.g. Ngix, Apache HTTP Server, JBoss, Lite Speed, Microsoft IIS, and Caddy), and Application Servers (e.g. Apache Tomcat, Nod.js, Lighttpd, Eclipse Jetty, etc.) in support of Cooperative Vulnerability and Penetration Assessments (CVPA).
* Analyze and reverse engineer Web application code to discern weaknesses for exploit development, document and transition results in reports, presentations and technical exchanges.
* Possess strong understanding of UNIX/Linux fundamentals along with familiarity of the UNIX/Linux/Windows CLI.
* Demonstrated ability to methodically analyze problems and identify potential solutions.
* Ability to adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit.
* Analyze and evaluate DBMS schemas and current or proposed configurations to discern cybersecurity weaknesses for exploitation such as SQL injection, misconfigurations, and weak access controls; formulate recommendations for enhancing web and database internal and external security; document and transition results in reports, presentations, and technical exchanges.
* Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
* Craft recommendations for customer to prevent/mitigate attempted breaches of database security and database security weaknesses.
* Render guidance on formulating security policies, procedures, along with tactics, techniques and procedures to enhance data and database protections.
* Possess good writing and communications skills, with attention to detail and desire to deliver a quality product; additionally, an ability to render concise reports, summaries, and formal oral presentations.
* Demonstrate an ability to methodically analyze problems, identify solutions and remain composed in potentially stressful situations.
* Adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability.
* Exhibit good writing and communications skills, to include the ability to render concise reports, summaries, and formal oral presentations.
* Understand and be proficient in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
* Travel up to 25% supporting customer assessments ranging from 1-4 weeks, with the majority being 1-2 weeks in duration. Requirements
* Current Top Secret clearance with SCI eligibility.
* Bachelor's degree in a related field and a minimum of 8-12 years of experience providing related penetration testing services.
* IAT Level III certification required ( CASP, CISSP+, CISA, etc.).
* Must be able to support travel up to 25% (1-3 weeks in duration).

* Must possess a CSSP-Auditor (C|EH, CySA, CISA, GSNA) certification within 6 months.

* Must obtain a Microsoft and UNIX/Linux certification within 6 months.

* Must possess a database certification (e.g., MS SQL Server, OCP, CMDBA, MSDBA, etc.) within 6 months upon arrival on-site.

* Database administrator experience (MS SQL Server, Oracle, Postgre

SQL, etc.).

* Ability to employ various capabilities such as SQLMap, Nmap, Hydra, Metasploit, and Burp Suite, to…