Junior Penetration Tester (SME I)

​​Employee Type: Full-Time
Location: Suffolk, VA
Job Type: IT Specialist 
Experience: 2+ Years
Clearance:  TS/SCI

Work Allocation: On-Site

AERMOR LLC is seeking qualified candidates to provide technical and analytical support for FCC OCA in support of all OCA inspections. Candidates shall perform a wide variety of technical support services and functions required to meet the mission of FCC OCA to enhance overall DoDIN-N readiness and security.

Responsibilities Include: 

  • Support during CCORIs will include areas such as information technology (IT), Platform IT (PIT), Supervisory Control and Data Acquisition (SCADA), Weapon Systems, Hull, Mechanical and Electrical (HM&E), Combat & Integrated Warfare Systems (C/S), and other additional technology areas as directed by JFHQ-DODIN under the CCORI program.
  • Utilize a variety of techniques and tools, such as surveillance, close-access operations, and penetration testing to discover cybersecurity flaws and vulnerabilities and shall provide the following:​ 
    • Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments.
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
  • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
  • Recognize and safely utilize attacker tools, tactics, and procedures.
  • Develop scripts, tools, or methodologies to enhance cyber threat emulation processes.
  • Provide hands-on expertise on-site and remotely, using manual and automated processes.
  • Utilize knowledge of cyber threat emulation and penetration testing principles, tools, and techniques.
  • Conduct remote and on-site operations to assess an organization’s cybersecurity posture and defensive cyberspace operational effectiveness against an opposing force and maintain related artifact documentation.
  • Develop and evolve scenarios, capabilities, and Tactics, Techniques, and procedures (TTPs) based on known threats to the DoDIN, new technologies, previous inspection analysis, and lessons learned.
  • Conduct post-inspection sanitization, analysis, and reporting.
  • Develop and maintain threat assessment SOPs, checklists, and guides associated with CTE in cybersecurity inspections/assessments.
  • Experience in exploitation and vulnerabilities associated with most common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.).
  • Manage the multi-domain/multi-forest Active Directory to support operations.
  • Simulate sophisticated cyberattacks to identify vulnerabilities.
  • Ensure inspection data is captured, collected, and archived in Government data repositories. Provide post-inspection reports, storyboarding, analysis and trending, and lessons learned.

Required Skills and Experience: 

  • Minimum of two (2+) years’ experience in DoD Network Operations or IA operations to include Local Area Network (LAN) administrator experience. The position will primarily require the candidate to work with a team of penetration testers, helping to conduct varied testing efforts against applications and networks both for the federal government.
  • Integrate into ongoing testing efforts, requiring subject matter expertise in multiple disciplines of vulnerability testing and assessment, the ability to interact and liaison directly with clients, and a strong ability to write and document findings.
  • DoD 8570.01-M IAT Level II Certification OR CSSP Auditor OR CSSP Analyst.
  • One of the following certifications: CEH, CySA+, GCIH, GCIA, GSNA, GICSP, CISA, CFR, SCYBER.
  • Education: Minimum of Associate’s degree in a related field, or equivalent education or experience and related training.

Apply Now

For more information contact: careers@aermor.com

Work Allocation: On-Site