Cyber Penetration Tester - Subject Matter Expert - The Squires Group
Sterling, VA 20166
About the Job
We are seeking an experienced Cyber Penetration Tester - SME to join our client’s team. In this role you will lead penetration testing efforts to assess the client's systems security, identify vulnerabilities, recommend NIST 800-53-compliant remediations, maintain the systems infrastructure, and develop tools to automate security processes.
Per our client contract, candidates must be U.S. Citizens, possessing a Secret clearance with eligibility to obtain a Top Secret security clearance.
This role follows a rotating hybrid schedule based in Arlington, VA:
- Week 1: 2 days onsite, 3 days remote
- Week 2: 3 days onsite, 2 days remote
Responsibilities
- Conduct and lead penetration testing activities to evaluate the security of our client's systems.
- Identify security vulnerabilities and propose actionable remediations to meet the requirements of NIST 800-53 controls.
- Communicate findings effectively to system owners and engineers, including demonstrations where necessary.
- Manage and maintain the systems infrastructure.
- Develop or enhance tools to automate discovery and exploitation processes.
Qualifications
Required Qualifications:
- Bachelor’s degree in a relevant field with 9 years of experience in Cyber/IT, or a Master’s degree with 7 years of relevant experience. An additional 4 years of IT security or penetration testing experience may be considered in lieu of a degree.
- Minimum of 5 years of hands-on experience in penetration testing.
- Possess or be able to obtain before the start date one of the following certifications: CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, SSCP.
- Proficiency with Kali Linux.
- Experience using penetration testing tools such as Nmap, Burp Suite, and Metasploit.
- Proven ability to evaluate vulnerabilities, conduct root cause analysis, and report findings using methodologies like NIST SP 800-115, PTES, ISSAF, or OWASP WTG.
- Demonstrated leadership skills in guiding Senior and Junior Penetration Testers during assessments.
- U.S. citizenship with an active Secret security clearance and eligibility to obtain a final Top Secret security clearance.
Preferred Qualifications:
- Active Top Secret or TS/SCI clearance.
- Advanced certifications in IT security, such as CompTIA CASP+, ISC2 CISSP, ISC2 CCSP, or ISC2 ISSEP.
- Certifications demonstrating practical penetration testing expertise, such as OSCP, Hack the Box CPTS, PNPT, or GXPN.
- Zero Point Security Red Team Ops II certification.
- Advanced knowledge of:
  - NIST Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes.
  - Security principles (CIA, IAAAA, access control, risk management, etc.).
  - Networking (IP routing, TCP/UDP, VPNs, firewalls, NAT, etc.) and common network protocols (SSH, FTP, SMTP, SMB, HTTP, etc.).
  - Operating systems (process, device, user management, file systems, etc.).
  - Data processing (encoding, hashing, encryption, etc.).
  - Scripting/programming languages (Bash, Python, PowerShell, JavaScript, etc.).
  - Application vulnerabilities (outdated components, misconfigurations, input validation, logging/monitoring failures, etc.).
  - Web application vulnerabilities (XSS, SQLi, LFI, file uploads, authentication flaws, etc.).
  - Active Directory (AD) attacks, including kerberoasting, AS-REP roasting, privilege abuse, golden ticket crafting, etc.
  - Public Key Infrastructure (PKI) and multifactor authentication.
  - Cloud platforms and technologies (AWS, Azure, GCP).
Check out our Referral Program!
The Squires Group will pay you for every qualified professional that you refer and we place. If you see a position posted by The Squires Group and know the perfect person for the job, please send us your referral. For more information, go to https://bit.ly/squiresreferral.