(HIZ 9124) SCAR Penetration Tester – Gunter AFB (AL)
Location: Montgomery, AL
Clearance Required: Secret
Anticipated start: late-May/June 2020
PCI has an exciting opportunity for a SCAR Penetration Tester located at Maxwell-Gunter AFB in Montgomery, Alabama to support technical assessments of IT systems to include web applications, application servers, web servers, access control, and databases.
- Support technical assessments of IT systems to include web applications, application servers, web servers, access control, and databases.
- Conduct automated testing of web applications and APIs for susceptibility to SQL injection, command injection, Cross-Site Scripting, and Cross-Site Request Forgery vulnerabilities using commercial and open source tools such as OWASP ZAP, Burp, and HCL AppScan.
- Conduct automated vulnerability scanning against supporting infrastructure components using commercial and open source scanning tools such as Nikto, Nessus, Nmap, and Metasploit.
- Conduct automated credentialed vulnerability scanning against databases using commercial and open source scanning tools.
- Conduct manual testing of infrastructure and web applications to identify, test, and validate security vulnerabilities.
- Perform code review and analysis to assess the security posture using static code analysis tools such as Fortify, Checkmarx, and Coverity.
- Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
- Conduct reviews of system configurations for identification of security weaknesses or misconfigurations.
- Assess compliance posture against regulatory requirements such as NIST SP 800-53.
- Analyze security findings, including risk analysis and root cause analysis.
- Produce Security Test Report to document security testing, validated vulnerabilities, and recommended mitigation/remediation CoAs for Program Management Offices.
- Bachelor’s Degree in Computer Science or Information Technology (Preferred)
- 3-5 years of penetration testing and vulnerability analysis, mitigation, and remediation.
- Five years' experience with software development: designing, configuring, and testing IT applications.
- Experience with Risk Management Framework and NIST 800-53.
- Understanding of software development frameworks: Java and .Net
Certifications (one required; additional certifications a plus):
- GIAC Penetration Tester (GPEN)
- Certified Ethical Hacker (C|EH)