Cloud Penetration Tester

Peraton is seeking a Cloud Penetration Tester. This role will support the improvement of cybersecurity analytics by conducting cloud adversarial emulation testing on the Department of Veterans Affairs (VA) Enterprise Cloud (VAEC) systems. The ideal candidate will have a strong background in penetration testing, particularly in cloud, web application environments, and experience with purple-teaming activities.

Day of week:  Monday - Friday during normal business hours (EST)

Work Location: 100% Remote

In this role, a typical day will include: but not limited too:

• Conduct cloud adversarial emulation testing and assessments on VAEC resources.
• Perform purple-team activities to identify and exploit vulnerabilities, ensuring they are remediated in a correct and timely manner.
• Provide a weekly report detailing the number of planned tests, tests completed, and the outcomes of each test.
• Support 3rd party purple team Cybersecurity Infrastructure Security Agency (CISA) assessments on VAEC resources.
• Collaborate with cybersecurity engineers, analysts, and other stakeholders to ensure alignment and effective communication of findings.
• Stay current with the latest cloud security trends, tools, and best practices to ensure the effectiveness of penetration testing activities.
• Document and report vulnerabilities and provide recommendations for remediation to enhance the security posture of VAEC systems.
• Support to baseline, track, and report audit effort to track the fully updated Inventory of Cloud systems and assets with corresponding system owners. Collect and track Metrics and Objectives & Key Results (OKRs) for cloud compliance with regard to security capabilities.
• Support a Cloud Incident Response Plan (IRP) Preparedness/Tabletop Exercise Plan with identified gaps in people, processes, and technologies.
• Support Cloud Vulnerability Scanning Services to include cloud system auditing, continuous vulnerability scanning of the systems is required to provide vulnerability scanning services support to identify all vulnerabilities.
• Provide Cloud Adversarial Emulation Testing/Assessment to ensure that found vulnerabilities are remediated in a correct and timely manner.  Support cloud purple-teaming on the resources identified during the planning phase with testing and assessments conducted with a priority of External resources.  Support  weekly Cloud Adversarial Emulation Testing/Assessment Report that provides the number of planned tests, tests completed, and the details and outcomes of each test.
• Support review of the Cloud systems toolset configurations to ensure security standards and VA policy are being met.
• Provide Cloud Cyber Monitoring and Incident Response to ensure ability to monitor for and respond to cybersecurity incidents affecting VAEC resources and the CSOC has the correct cloud detections and the resources to monitor those detections on 24/7/365 basis.
• Provide support with VA CSOC’s role in the development of the VA cybersecurity risk register to identify areas that would be most impacted by a cybersecurity incident.

Required Qualifications: 

• 2 years experience with Bachelor’s degree in Information Technology, Cybersecurity, or a related field. 6 years with no degree.
• Ability to obtain Public Trust
• Must be a U.S citizen
• Must be able to successfully undergo a Veterans Affairs High Security Investigation (VA BI)
• Experience in penetration testing, particularly in cloud (AWS, Azure, Microsoft 365, etc.) environments.
• Strong understanding of cybersecurity principles, particularly in cloud environments and cloud hosted web applications.
• Proven experience in adversarial emulation testing and purple-teaming activities.
• Proficiency in using penetration testing tools and technologies.
• Excellent organizational skills and attention to detail, with the ability to manage multiple tasks simultaneously.
• Exceptional written and verbal communication skills
• Exceptional analytical and conceptual thinking skills
• Strong people skills and ability to work collaboratively with a team of peers

Preferred Qualifications:

• Certification in penetration testing with cloud or web app focus (e.g., OSCP, GCPN, GDAT) is a plus.

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.