Junior Penetration Tester (SME I)
Employee Type: Full-Time
Location: Suffolk, VA
Job Type: IT Specialist
Experience: 2+ Years
Clearance: Top Secret / SCI Eligible
AERMOR LLC is qualified candidates to provide technical and analytical support for FCC OCA in support of all OCA inspections. Candidates shall perform a wide variety of technical support services and functions required to meet the mission of FCC OCA to enhance overall DoDIN-N readiness and security.
- Support during CCORIs will include areas such as information technology (IT), Platform IT (PIT), Supervisory Control and Data Acquisition (SCADA), Weapon Systems, Hull, Mechanical and Electrical (HM&E), Combat & Integrated Warfare Systems (C/S), and other additional technology areas as directed by JFHQ-DODIN under the CCORI program.
- Utilize a variety of techniques and tools, such as surveillance, close-access operations, and penetration testing to discover cybersecurity flaws and vulnerabilities and shall provide the following:
- Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Recognize and safely utilize attacker tools, tactics, and procedures.
- Develop scripts, tools, or methodologies to enhance cyber threat emulation processes.
- Provide hands-on expertise on-site and remotely, using manual and automated processes.
- Utilize knowledge of cyber threat emulation and penetration testing principles, tools, and techniques.
- Conduct remote and on-site operations to assess an organization’s cybersecurity posture and defensive cyberspace operational effectiveness against an opposing force and maintain related artifact documentation.
- Develop and evolve scenarios, capabilities, and Tactics, Techniques, and procedures (TTPs) based on known threats to the DoDIN, new technologies, previous inspection analysis, and lessons learned.
- Conduct post-inspection sanitization, analysis, and reporting.
- Develop and maintain threat assessment SOPs, checklists, and guides associated with CTE in cybersecurity inspections/assessments.
- Experience in exploitation and vulnerabilities associated with most common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.).
- Manage the multi-domain/multi-forest Active Directory to support operations.
- Simulate sophisticated cyberattacks to identify vulnerabilities.
- Ensure inspection data is captured, collected, and archived in Government data repositories. Provide post-inspection reports, storyboarding, analysis and trending, and lessons learned.
Required Skills and Experience:
- Minimum of two (2+) years’ experience in DoD Network Operations or IA operations to include Local Area Network (LAN) administrator experience. The position will primarily require the candidate to work with a team of penetration testers, helping to conduct varied testing efforts against applications and networks both for the federal government.
- Integrate into ongoing testing efforts, requiring subject matter expertise in multiple disciplines of vulnerability testing and assessment, the ability to interact and liaison directly with clients, and a strong ability to write and document findings.
- DoD 8570.01-M IAT Level II Certification OR CSSP Auditor OR CSSP Analyst.
- One of the following certifications: CEH, CySA+, GCIH, GCIA, GSNA, GICSP, CISA, CFR, SCYBER.
- Education: Minimum of Associate’s degree in a related field, or equivalent education or experience and related training.
For more information contact: firstname.lastname@example.org