Cyber Penetration Tester
- Military veterans preferred
2019-11-30 Raytheon (www.raytheon.com)
Dulles Virginia United States
Raytheon Intelligence and Information Services (IIS) – Cyber Security & Special Missions (CSM) has an immediate opening for a Penetration Tester supporting multiple Raytheon client organizations in both the US/International commercial and government sectors. Works at the direction of CPS Professional Services team managers and project leads to conduct cybersecurity technical assessments, including network penetration testing, Vulnerability Assessments and simulated offensive/Red Team projects, on behalf of multiple US commercial sector customers. Key duties will involve technical aspects of enterprise computer network defense (CND), network/host level security assessments, web application assessments, and development of recommendations to improve customer cybersecurity program effectiveness. Analysis and customer briefings. Interacts directly with client technical and business operational teams. Provides input to formal reports and summaries for client and stakeholder review. Required Skills/Experience/Education:
5+ Years of experience conducting penetration testing activities on networks, web applications, mobile applications, and API based systems.
Proficient in at least two programming or scripting languages such as Java, C#/C++, Python, Perl, Powershell, and PHP.
Serve as mentor to penetration testing employees and contractors on best practices Knowledgeable in NIST and Fedramp Protocols.
Broad based IT background with a technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle.
Excellent communication skills, both written and verbal with strong presentation skills.
Ability to translate technical materials and issues into non-technical/layman terms.
Demonstrated skills in the entire Microsoft desktop suite (Word, Excel, Power Point, etc.)
2 or more of relevant certifications: CISSP, CISA, CISM, OSCP, CEH, GCIH, GPEN, GWAPT, or equivalent.
Bachelor's or Master's degree in Information Technology, Computer Science or relevant discipline, or relevant work experience.
DUTIES: Candidate will also have an understanding of how to apply the principles of Information Security in a variety of circumstances and be able to translate the NIST 800-53 guidelines into common technical implementations. Perform or direct the following types of penetration testing:, Corporate network to Cloud system (Insider Threat), External to Cloud system (Web Application and Network attacks), Tenant to Tenant, Spear Phishing E-mail campaigns, Physical attack vectors when applicable for data center locations, Privilege escalation (Web Application and Network attacks), Mobile application vulnerability discovery. Ideal Candidate will participate in proposal development for commercial penetration testing opportunities. Analyze, disassemble, and reverse engineer code to discern weaknesses for exploitation Develop Penetration Testing Reports that are compliant with FedRAMP and DoD requirements. Report components include the results of all testing, showing how each attack vector was tested and where vulnerabilities are discovered, providing detailed recommendations on how to remediate each vulnerability. Provide expertise and assist in the assessment of FedRAMP security controls when not engaged on penetration testing activities. Provide review and analysis on vulnerability scan results from tools such as Nessus, Nexpose, Retina, SAINT, Qualys, AppDetective, SecureSphere, WebInspect, IBM AppScan, Burp Suite, etc. Provide training on vulnerability scanning tools to other team members. Team player; able to work well with others in a collaborative manner and is a self-starter who can work with minimum supervision.
-Travel up to 50% of the time.
This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.