Cyber Engineer/Penetration Tester
Herndon, VA.
*TS/SCI w/ FS Poly required prior to applying*
This Cyber Security Project Engineer will provide highly technical and in-depth penetration testing and ethical hacking to target, assess, and exploit risk and vulnerabilities of information systems. The Cyber Security Project Engineer will provide decision makers with documented and actionable data to aid in making strategic investment decisions.
The candidate MUST have experience with cyber penetration testing, leveraging adversarial tactics to conduct hands-on security testing, and applying computer attack methods and system exploitation techniques.
The candidate MUST have experience with the cyber security principles for Linux, Windows, and virtual platforms as well as performing network security analysis and analyzing network architectures.
Project Overview:
The Sponsor’s team provides a highly technical and in-depth penetration testing service, in support of enterprise cyber security equities. The Sponsor requires support specializing in penetration testing and ethical hacking, to target, assess, and exploit risk and vulnerabilities of information systems. The intent is to provide senior decision makers with documented and actionable data to aid in making strategic investment decisions.
The Contractor shall document all identified system risks, planned test procedures, and results.
The Contractor shall perform analyses of vulnerabilities identified during testing.
The Contractor shall review program-level documentation such as requirements specification, system architecture, design documents, test plans, and security plans.
The Contractor shall create and document penetration testing plans and procedures.
The Contractor shall conduct hands-on penetration testing by leveraging approved testing plans and procedures.
The Contractor shall analyze penetration test results, document risks, and recommend countermeasures to uncovered risks.
The Contractor shall participate or lead technical exchange meetings and application review boards.
The Contractor shall document action items and results from technical exchange meetings and application review boards.
The Contractor shall brief management on the status of action items and results of activities.
The Contractor shall have the following required skills, certifications and demonstrated experience:
· Demonstrated work experience in cyber security or related IT field.
· Demonstrated experience with cyber penetration testing.
· Demonstrated experience leveraging adversarial tactics to conduct hands-on security testing.
· Demonstrated experience applying computer attack methods and system exploitation techniques.
· Demonstrated working knowledge of cyber security principles for Linux, Windows, and virtual platforms.
· Demonstrated experience designing, testing, or implementing IT security architecture.
· Demonstrated experience performing network security analysis.
· Demonstrated experience analyzing network architectures.
· Demonstrated experience using network management tools
· Demonstrated experience developing risk management methodologies.
· Demonstrated experience analyzing test results to develop risk and threat mitigation plans.
· Demonstrated experience testing or reviewing system configuration, development, and design specifically around enterprise systems and hypervisors.
· Demonstrated experience designing, testing, or implementing complex Windows installations.
Skills and demonstrated experiences that are highly desired but not required to perform the work include:
· Demonstrated experience participating in public and private information security groups and organizations.
· Demonstrated experience communicating vulnerability results and risk posture to senior executives.
· Demonstrated experience performing complex technical tasks with minimal direction.
· A Bachelor's degree in Computer Science, Information Systems, Engineering, or other related scientific or technical discipline.
· Two or more of the relevant certifications:
o Offensive Security Certified Professional (OSCP)
o Global Information Assurance Certification Penetration Tester (GPEN)
o eLearn Security Certified Professional Penetration Tester (eCPPTv2)
Global Information Assurance Certification Web Application Penetration Tester (GWAPT)
• Vacation – 5 weeks of accrued paid vacation per year (i.e., 8.33 hours accrued per pay period worked)
• Holidays - Paid holidays published annually by the Office of Personnel Management, excluding Inauguration Day
• 100% paid for Health Benefits* (United Healthcare, Guardian Dental, VSP Vision, MetLife, Life and Disability Insurance and annual $1500 employer HSA contribution on qualified plans) *health benefits kick in the 1st of the month following your start date
• 6% 401k Contribution (3% paid out during each pay period, the additional 3% will be paid out as a lump sum in Q1 each year)
• Training Reimbursement – Approved training and education expenses will be reimbursed
• Travel Expenses – Approved travel expenses will be reimbursed *Note – From time to time, the company may change employee benefits.
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
Visa is looking for a Senior Network Test & Certification Engineer to validate and automate complex network designs using modeling tools, cloud platforms, and GenAI-driven workflows.
Privia Health seeks a Cybersecurity Assurance Analyst to strengthen access governance and SOX controls across its healthcare technology environment, with emphasis on IAM/IGA, SOD, and audit reporting.
Experienced application developer needed to lead Power Platform and Dynamics 365 migrations, manage Azure-based infrastructure, and maintain enterprise SQL environments for a large municipal agency.
UChicago Medicine is hiring a Senior Inpatient Clinical Systems Analyst to lead clinical workflow analysis, provide Tier 3 support, and translate clinical requirements into optimized inpatient system solutions.
Protect cloud environments and drive operational security improvements as a Cloud Security Operations Analyst focused on detection, response, and automation for a US-based partner.
Bilingual (Korean/English) Server & Network Administrator needed for a one-year on-site contract to manage enterprise servers, networks, and infrastructure, providing technical guidance and ensuring uptime and security.
Procon is hiring a remote PMIS Administrator to administer and enhance eBuilder, deliver user training, and drive system adoption for a transportation client supporting Washington, DC-area projects.
A defense-focused partner is hiring a senior Cyber Integration Engineer to lead design and integration of zero-trust cyber solutions across classified and unclassified environments.
Motorola Solutions is hiring an IT M&A Integration Analyst intern to support ERP integration, process mapping, and M&A-related project work in a hybrid Chicago role.
HPD Tech is hiring a Cloud Administrator to manage Azure infrastructure, Redis databases, and server environments that support DSAS and other agency systems.
Serve as a Business Analyst for FDNY to document processes, drive requirements and ensure data quality across fire prevention, revenue management and enforcement systems.
SpartanNash seeks a hands-on Technician II, Retail Systems to support and maintain POS, PC and related retail technologies across Byron Center-area stores and independent retail locations.
FDNY seeks a Business Analyst to document processes, translate user needs into functional requirements, and support system development and QA for fire prevention and revenue/legal systems.