(HIZ 9124) SCAR Penetration Tester – Gunter AFB (AL)

Secret, U.S. Citizenship Required
Montgomery, AL
Posted 4 days ago

Location: Montgomery, AL

Clearance Required: Secret

Anticipated start: late-May/June 2020

PCI has an exciting opportunity for a SCAR Penetration Tester located at Maxwell-Gunter AFB in Montgomery, Alabama to support technical assessments of IT systems to include web applications, application servers, web servers, access control, and databases.

Responsibilities:

  • Support technical assessments of IT systems to include web applications, application servers, web servers, access control, and databases.
  • Conduct automated testing of web applications and APIs for susceptibility to SQL injections, command injections, Cross-Site Scripting, and Cross Site Request Forgery vulnerabilities using commercial and open source tools:
    • OWASP ZAP, Burp, HCL AppScan
  • Conduct automated vulnerability scanning against supporting infrastructure components using commercial and open source scanning tools:
    • nikto, nessus, nmap, and metasploit.
  • Conduct automated credentialed vulnerability scanning against databases using commercial and open source scanning tools.
  • Conduct manual testing of infrastructure and web applications to identify, test, and validate security vulnerabilities. 
  • Conduct code review and analysis to assess the security posture using static code analysis tools:
    • Fortify, CheckMarx, and Coverity.
  • Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
  • Conduct reviews of system configurations for identification of security weaknesses or misconfigurations.
  • Assess compliance posture against regulatory requirements such as NIST SP 800-53.
  • Analyze security findings, including risk analysis and root cause analysis.
  • Produce Security Test Report to document security testing, validated vulnerabilities, and recommended mitigation/remediation CoAs for Program Management Offices.

Qualifications:

  • Bachelor’s Degree in Computer Science or Information Technology (Preferred)
  • 3-5 years of penetration testing and vulnerability analysis, mitigations and remediations.
  • Five years’ experience in software development, design, configuration, and testing of IT applications.
  • Experience with Risk Management Framework and NIST 800-53.
  • Understanding of software development frameworks: Java and .Net 

Certifications (1 certification required, additional a plus):

  • CISSP 
  • GIAC Penetration Tester (GPEN)
  • Certified Ethical Hacker (C|EH)

Job Features

Job Category: Cybersecurity

PCI is committed to the principles of equal employment opportunity and gives consideration for employment to qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.