​​Penetration Tester - Mid​ - Leidos

Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain and eradicate cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations.  The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations. 

Primary Responsibilities: 

• Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies. 

• Perform web app pentests 

• Perform vulnerability risk assessment 

• Perform physical pentests and social engineering 

• Perform cyber incident response as needed for programs 

Basic Qualifications: 

• Bachelors’ degree from an accredited college in a related discipline, or equivalent experience/combined education, with 5 to 8 years of professional experience; or 3 to 5 years of professional experience with a Masters’ degree. 

• Additional years of experience and certifications may be considered in lieu of a degree. 

• Must have a Secret Clearance.  In addition to specific security clearance requirements all Department of Homeland Security CBP SOC employees are required to have or be able to favorably pass a 5 year (BI) Background Investigation.  

• 5 years in Pen Testing and Vulnerability Assessment, with specific emphasis on web application and enterprise network environments. 

• 8 years of professional experience in incident detection and response, malware analysis, or cyber forensics. 

Specific experience in at least 1 f the following specialties: 

• Mobile application testing 

• Cloud infrastructure testing 

• RF Testing 

• Mainframe systems 

Experience with the majority of the tools listed below: 

• Kali Linux 

• Metaspoilt 

• Burp suite pro 

• Cobalt Strike / Empire 

• Tenable Nessus 

• Debuggers such as Immunity 

• Bloodhound 

• BladeRF / HakRF 

• Hak5 equipment 

• Wireshark / tcpdump 

Certifications: At least one pentesting certification: 

• CISSP 

• GISF 

• GPEN 

• GWAPT 

• GXPN 

• OSCE 

• OSCP 

• OSEE 

• OSWP 

Clearance:  In addition to specific security clearance requirements all CBP SOC employees are required to successfully complete a CBP Background Investigation to support this program 

Preferred Qualifications:  

• Understanding of Cyber Kill Chain & Intelligence Defense.

• Ability to brief senior officials on pentesting requirements and results