Senior Penetration Tester

Peraton is searching for a talented Senior Penetration Tester to become part of Peraton’s Citizens Security & Public Services, State and Local Account. This position will be remote.

What you’ll do:

The Senior Penetration Tester will be responsible for the following, but not limited to:

Leads the penetration test part of the assessment. Responsible for developing the testing results and remediation recommendations of the assessment report. Contributes to the planning phase of the Assessment activities.  They will apply technical and professional skillsets to lead technical meetings and support the scoping section which consists of interviews with individual or group subject matter experts to complete the Rules of Engagement (ROE) activities, achieve clarification, or lead to the location of evidence.  They communicate and share information gained during the planning phase with the entire assessment team.  They works directly with the customer and Peraton team to successfully plan and execute the assessment, as well as notify and support the assessment services.  They participate in assessment activities and perform the adversarial testing.  Leads the post-execution out brief to the customer.  Leads the development of the draft and final Assessment reports.  Identify potential improvements to the customer organization security posture that are related to organizational system(s) use and interconnections, as well as identifying strengths and weaknesses in incident management capabilities that are applicable to protecting and sustaining the organizational system(s).

• Experience and familiarity with the assessment methods defined in NIST SP 800-30 Rev. 1 and NIST SP 800-53A Rev. 4 (interview, examine, and test)
• Penetrate desktops, servers, applications, operating systems, and security systems to gain root/admin access
• Provide black-box, grey-box, and white-box penetration testing using tools and techniques to conduct cybersecurity evaluations for highly specialized network communication systems
• Modify open-source exploits to bypass/evade antivirus, firewalls, hardened systems, and IDS/IPS systems
• Modify computer/system/network attacks, exploits, and Metasploit modules to create variations that evade detection
• Perform reconnaissance, privilege escalation persistence, lateral movement, and payload generation for multiple targets
• Hide digital artifacts and communications to evade antivirus, firewalls, IDS/IPS systems, Wireshark, and tcpdump
• Configure phishing and smishing environments to support social engineering testing
• Work independently to analyze, research, and solve technical problems
• Leverage existing business processes and document new repeatable business processes and procedures where necessary
• Research external information on cybersecurity events, incidents, threats, and technical vulnerabilities
• Presents categorize findings and remediations actions in detailed written reports, POA&M, and presentations to customers.

Basic Qualifications:

• Bachelor’s degree in Cybersecurity, Information Security, IT, Computer Engineering, Network Engineering, Computer Science, or Computer Forensics with 8+ years of experience or a High School Diploma/equivalent and 12 years of relevant experience.
• Performing authorized penetration testing on enterprise networks
• Gaining access to targeted networks
• Applying expertise to enable new exploitation and maintaining access
• Obeying appropriate laws and regulations
• Providing infrastructure analysis
• Performing analysis of physical and logical digital technologies
• Conducting in-depth target and technical analysis
• Creating exploitation strategies for identified vulnerabilities
• Monitoring target networks; and
• Profiling network users or system administrators and their activities
• Experience with Tenable Nessus Pro, Kali Linux, BurpSuite, and Metasploit tools
• Experience with programming/scripting: Python, PowerShell, Ruby, C, JavaScript, ect.

Preferred Qualifications:

• MS degree in Computer Science, Engineering, Computer Forensics, Network Security, or equivalent technical experience
• 4 years of exploit development, computer/network security, or network traffic analysis using analytical tools
• Expert knowledge of networking components/devices and various OS/applications in Linux and Windows environments
• At least one of the following certifications
  • OSEP (Offensive Security Experienced Penetration Tester)
  • OSCP (Offensive Security Certified Professional)
  • GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
  • GPEN (GIAC Certified Penetration Tester)
  • LPT (Licensed Penetration Tester)

 Benefits:

At Peraton, our benefits are designed to help keep you at your best beyond the work you do with us daily. We’re fully committed to the growth of our employees. From fully comprehensive medical plans to tuition reimbursement, tuition assistance, and fertility treatment, we are there to support you all the way.

Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly differentiated national security solutions and technologies that keep people safe and secure. Peraton serves as a valued partner to essential government agencies across the intelligence, space, cyber, defense, civilian, health, and state and local markets. Every day, our employees do the can’t be done, solving the most daunting challenges facing our customers.