Cyber Security Penetration Test Engineer - Military veterans preferred

Entering ManTech’s 50th year, we hold the distinct honor of being named a “Top 100 Global Technology Company” by Thomson Reuters. We have earned this and many other accolades over the years for our dedication to serving the missions of our nation’s most important customers: U.S. Intelligence, Defense and Federal Civilian agencies. All know us as a trusted partner offering best-in-class solutions in cyber, data collection & analytics, enterprise IT, and systems and software engineering tailored to meet their specific requirements.

Become an integral part of a diverse team in the Mission, Cyber and Intelligence Solutions (MCIS) Group. Currently, ManTech is seeking a motivated, mission oriented Cyber Security Penetration Test Engineer in Washington DC area, with strong Customer relationships. At ManTech, you will help protect our national security while working on innovative projects that offer opportunities for advancement.

The FSS Division provides cyber solutions to a wide range of Defense and Intelligence Community customers. This division consists of a team of technical leaders that deliver advanced technical solutions to government organizations. Our customers have high standards, are technically adept, and use our products daily to support their mission of protecting national security. Our contributions to our customer’s success is driving our growth.

Position Description:

Experience in performing Penetration Testing, Security Control Assessments and Red Team activities.
Willingness to travel 25% - 40% of the time with weekends home.
Candidate must be able to obtain Public Trust clearance.
Participates in penetration testing engagements of Federal, State, and commercially owned systems and environments.
Testing includes web application assessments, static code review and analysis, mobile (iOS, Android), wireless assessments, SCADA, and infrastructure assessments.
Develop and document security evaluation test plans and procedures.
Provide technical expertise and guidance in developing and supporting business applications to ensure they are deployed securely.
Responsible for aligning industry best security practices and technology solutions with business strategies.
Maintain knowledge of current security tools and industry best practices: tools, techniques, procedures, tactics, attacks and forensics.
Prioritize and manage tasks as needed, on the status of action items and/or results of activities.
Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures.
Coordinate with other program elements while conducting security testing.
Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing.
Required Skills:

Experience with a wide range of InfoSec tools such as Metasploit, Burp, Nessus, Kali Linux Tool Suite, IDA Pro, OllyDbg/WinDbg, Nmap, John the Ripper, Cain, Nikto, and packet analysis tools (Wireshark/TCPDump) (preferred).
Experience with scripting/programming languages such as .Net, PowerShell, Python, Java, Ruby, or Perl.
Extensive knowledge of operating systems (Linux, Windows, iOS, Android, Unix variants), network intrusion detection architectures, operating system vulnerabilities and web application security methods (preferred).
Familiarity with the OWASP testing methodology.
The ideal candidate MUST have a strong understanding of the following technologies and their security vulnerabilities:

Web Applications and Technologies: advanced understanding of application programming languages, application servers, Web services, and Web browsers. Candidate should also understand the vulnerabilities related to these technologies, as well as security best practices when using them. Candidate should also be able to use automated assessment tools coupled with manual testing techniques to assess these applications.
Networking Technologies: advanced proficiency with various networking skills and technologies, including (but not limited to) Cisco hardware and IOS, firewalls, IDS and IPSs, packet analysis, and high level network architecture fundamentals.
Enterprise Solutions, Storage and Databases: understanding of relational databases, database management systems, enterprise storage solutions, and security concerns specific to these technologies.
Virtualization technologies: advanced experience with VMware products, Microsoft virtualization technologies and/or similar technologies.


Applicants selected will be subject to a government security investigation and must meet eligibility.