Penetration Tester - FCC

cFocus Software seeks a Penetration Tester to join our program supporting the Federal Communications Commission (FCC). This position is on-site in Washington, DC.

Qualifications:

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related fields
• Certified Information Systems Security Professional (CISSP) or Information Systems Security Engineering Professional (ISSEP) certifications required, along with Microsoft Certified Cybersecurity Architect Expert
• 7+ years of experience in cyber infrastructure support activities within government contracts
• Core competencies in Cybersecurity Engineering practices
• Knowledge, skills, tasks, and capabilities as outlined in the NICE Work Role Framework for Infrastructure Support (PD-WRL-004)

Duties:

• Identify vulnerabilities within FCC systems and assess potential exploits
• Conduct penetration testing of enterprise IT environments
• Evaluate security controls and support the Authorization Process and Security Impact Analysis
• Mimic threat actor attacks to assess system resilience and improve security tools
• Perform targeted penetration tests to validate remediation efforts
• Test internal and public websites and systems
• Develop and execute penetration testing plans for OCIO systems
• Re-test critical findings to ensure remediation effectiveness
• Conduct network mapping, vulnerability scanning, and phishing simulations, with reporting and recommendations
• Create a quarterly testing schedule and SOP for internal penetration testing
• Identify and assess vulnerabilities across FCC systems
• Simulate attacks to enhance system resilience and SOC monitoring