• Lead Penetration Tester

    Job Locations US-VA-Tysons Corner
    # of Openings
    1
    Category
    Information Technology
    Agency/Project
    IRS
    Job ID
    2018-2711
  • Overview

    OBXtek Inc. is an established award-winning business providing information technology and professional management services to the federal government. OBXtek is a leader in its field and is committed to identifying, developing, and delivering innovative, mission-focused technical and logistical solutions to over 15 civilian and military partners in the Federal Government.

     

    As a prime contractor for 93% of our current work, we possess a robust corporate infrastructure that provides management oversight and support for all our programs. OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO to create processes that leverage best practices and result in novel, successful solutions.

    Responsibilities

    OBXtek is staffing for a Lead Penetration Tester.

    • Experience using appropriate penetration testing tools (e.g., Kali, Burp Suite, and examples in NIST 800-115)
    • Penetration Testing (skills and methodology)
    • Fuzzing frameworks and instrumentation
    • Application Security Testing
    • Operating systems (LINUX, Windows, z/OS, UNIX, Solaris, Mac OS, UNISYS, Android, iOS)
    • Vulnerability Scanning
    • Application servers (WebSphere, Oracle Application Server, and JBOSS)
    • Web servers (IIS and Apache)
    • Database management systems (Oracle, SQL Server, DB2 on z/OS, Postgres, MySQL)
    • Programming and scripting languages (C, Java, Python, BASH…)
    • Source Code Security Analysis
    • Reverse engineering
    • Exploit development
    • Network devices (firewalls, routers, switches)
    • Network protocols
    • Social Engineering
    • Development frameworks (Struts, Spring, PrimeFaces and Grails)
    • SiteMinder
    • Network Sniffing
    • Password Cracking and Compliance Testing
    • Computer Forensic fundamentals
    • Network Discovery
    • Remote Access Testing
    • Network Port and Service Identification
    • Application build process & tools

    Static Application Security Testing

    • Technical competence in performing security code analysis using tools like AppScan Source
    • Technical competence in application development (Java, .NET, C, C++, …)
    • Technical competence in development frameworks (Struts, Spring and JSF)
    • Technical competence in configuring, managing and supporting tools like AppScan Source and AppScan Enterprise
    • Technical competence in application security
    • Application build process & tools

     

    Dynamic Application Security Testing

    • A clear and practical understanding of the web application assessment process
    • Technical competence in application security
    • Technical competence in using, managing, configuring and supporting automated web application scanning and reporting tools like IBM AppScan Enterprise, Qualys and Burp Suite
    • Programming experience in Java and other programming languages, such as .NET, Python, or C#
    • Markup Languages, Client-Side Scripts, and Server-Side Scripts
    • Familiarity with web-based programming languages such as Java, C++, PHP, Python, ASP.NET, JavaScript, …
    • Technical understanding of web application vulnerabilities, including OWASP Top 10 and required remediation strategies
    • Technical understanding of web services technologies
    • SANS GWEB or similar certifications are desirable

     

    Threat Simulation Environment Administration

    • VMWare administration (Advanced Professional Certification Preferred)
    • VRealize Automation, VRealize Orchestration, Operations Manager, VMWare NSX
    • Chef, Ansible
    • Veeam Backup and Replication or similar tools

    Work on a team of cyber SMEs providing support to the IRS.

    Primary Responsibilities

    • Perform internal and external pentests against systems to determine vulnerabilities and offer mitigation strategies.

    • Perform web app pentests for programs for organizations as directed 

    • Perform vulnerability risk assessment as pen test lead

    • Perform physical pentests and social engineering against facilities and organizations as deemed necessary.

    Qualifications

    Bachelor’s Degree with 10 years of experience

    • Must be able to pass IRS Minimum Background Investigation (MBI) security clearance 

    • Must have minimum 15 years of combined Analyst, Pentester, Incident Responder, Network Engineer, System Administrator experience

    • Must have Web Application Pentesting experience
