Penetration Test Engineer Sr Princ

7/28/17
ManTech (www.mantech.com)
Other

/yr

  Full Time   Employee   Contractor


Washington

United States

Become an integral part of a diverse team that leads the world in the Mission, Cyber, and Intelligence Solutions group. At ManTech International Corporation, you'll help protect our national security while working on innovative projects that offer opportunities for advancement.

The ManTech Security Assessment Team, or SAT, is looking for the following qualities: high level of technical proficiency; energetic; results driven; works well under pressure; excellent oral and written communication skills; and manages time effectively. Active Top Secret security clearance required. Candidate should be able to obtain an upgrade for access to Sensitive Compartmented Information and pass a counter-intelligence polygraph. Position is located in Washington, D.C.


Candidate will conduct automated and manual tests of information systems, to include vulnerability scans, penetration testing, source code review and Web application testing. Candidate will use a variety of techniques to perform tests and assessments, such as threat modeling, threat simulation and social engineering. The candidate should be comfortable researching and understanding a wide variety of information systems and emerging technologies.

SAT security projects range in complexity and duration. Projects generally last between two weeks to six months and are broken down into three phases: preparation, testing and reporting. The level of effort and number of security assessors varies depending on the criticality of the system, technology, and schedule.


Skills description:

In addition to completing the tasks listed above, the candidate shall:

  • Have a broad knowledge of security methodologies, solutions and best practices.
  • Have a broad knowledge of the technical and non-technical tactics, techniques and procedures used by adversaries to exploit information systems. Candidate should be able to conduct advanced tests that simulate malicious users.
  • Have experience with multiple open source and commercial testing tools. A non-comprehensive list includes Nessus, App Detective, Metasploit, Burp Suite, and nmap.
  • Advanced understanding of the strengths and weaknesses of security tools. Ability to select the right tool for the job. Ability to configure and troubleshoot tools if necessary.
  • Be comfortable using, configuring, troubleshooting, and administrate both Unix/Linux and Microsoft operating systems. Candidate should also have extensive systems engineering experience with at least one of these OSs.
  • Candidate should have a solid understand of the security policies of Department of Justice and FBI, as well as security guidelines published by the National Institute of Standards (e.g., 800-53 rev 4 and 800-53a).
  • Have the ability to think critically and creatively. Capable of synthesizing and analyzing large amounts of data related to complex systems. Ability to articulate thoughts and findings in a concise and comprehensive manner.

Other requirements and skills:

The ideal candidate must have an expert understanding of at least one of the following technologies and their security vulnerabilities:

  • Web applications and technologies: advanced understanding of application programming languages, application servers, Web services, and Web browsers. Candidate should also understand the vulnerabilities related to these technologies, as well as security best practices when using them. Candidate should also be able to use automated assessment tools and manual testing techniques to assess these applications. Familiarity with OWASP testing methodology is also required.
  • Networking technologies: advanced proficiency with various networking skills and technologies, including (but not limited to) Cisco hardware and IOS, firewalls, IDS and IPSs, packet analysis, and high level network architecture fundamentals.
  • Enterprise solutions, storage and databases: advanced understanding of relational databases, database management systems, enterprise storage solutions, and security concerns specific to these technologies.
  • Cross domain solutions and trusted operating systems: advanced experience with a range of Cross Domain Solutions, or CDSs, and advanced understanding of the unique security requirements of CDSs and trusted OSs such as trusted Solaris v8, Solaris v10 with trusted extensions and Security Enhanced Linux.
  • Virtualization technologies: advanced experience with VMware products, Microsoft virtualization technologies and/or similar technologies.
  • Mainframes: advanced hardware, OSs, networking, and security best practices.

Security Requirements:

  • US Citizenship and active TS clearance and eligible for an SCI Access, including ability to pass a counter-intelligence polygraph.

Qualifications:

  • Requires Bachelor?s degree or ten years of IT experience and six years of IT Security Experience.

Advertisement

 

Save This Job

Email This Job to a Friend