Peraton

Peraton is hiring: Penetration Tester in Sierra Vista

Peraton, Sierra Vista, AZ, United States, 85635


Responsibilities

The GCC carries out CSSP responsibilities and conducts DODIN Operations and DCO – Internal Defensive Measures (IDM) to protect the DODIN in accordance with DoDM 8530.01 and the DoD Cybersecurity Services Evaluator Scoring Metrics (ESM). These responsibilities encompass five CSSP functions: Identify, Protect, Detect, Respond, and Recover. The GCC is responsible for executing these functions for its assigned portions of the DODIN, covering both unclassified and classified networks and systems.

The division offers support services for the protection, monitoring, analysis, detection, and response to unauthorized activities within the DoD Information Systems and Networks. DCO-IDM services are aimed at defending against unauthorized activities on all Army assets on the NIPRNet and SIPRNet. The division implements defensive measures to safeguard information, computers, and networks from disruption, denial, degradation, or destruction. It manages sensors and analyzes events for network and host-based incidents, including managing inline NIPS/NIDS sensors monitoring all CONUS DoDIN-A traffic to detect outages and malicious activities.

In coordination with GCC Operations, DCO initiates security procedures upon attack detection. Event analysis and response involve reducing cyber incidents to malicious threats and mitigating them according to guidance from GCC leadership. The division supports CSSP services on NIPRNet and SIPRNet, developing reports, products, TTPs, SOPs, EXSUMs, trip reports, and information papers. It also contributes to policy and agreement documentation such as MOUs, SLAs, and other guidance.

Defensive Cyber Assessment (DCA) Support

The DCA Branch conducts local and remote penetration testing to emulate threat models and assess the defensive security posture. It evaluates and maintains documentation for vetted penetration tools and TTPs.

CDAP Support

CDAP missions include NAVs, NDAs, and PPTs, conducted in accordance with AR 380-53. NAVs involve assessing security enclaves through on-site penetration testing, with a structured four-phase process: authorization, network survey, penetration testing, and final reporting. NDA support involves validating suspected compromises, reporting findings, and assisting with mitigation. PPT support involves conducting high-risk assessments and phishing campaigns to identify vulnerabilities, with detailed reporting and mitigation recommendations.

Qualifications

  • 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
  • Certifications: CompTIA Cloud+, PenTest+, Security+, GIAC GCED, or GICSP
  • Top Secret w/SCI security clearance
  • Experience in drafting reports and cybersecurity assessments
  • Experience in pen testing fundamentals

Peraton Overview

Peraton is a national security company providing mission-critical solutions worldwide, supporting government agencies and military branches. We focus on land, sea, space, air, and cyberspace domains, solving complex challenges to keep people safe and secure.

Target Salary Range

$80,000 - $128,000

EEO

Peraton is an equal opportunity employer, including for individuals with disabilities and protected veterans.
