Emagine IT, Inc.
PENETRATION TESTER (Remote) with Security Clearance
Emagine IT, Inc., Rockville, Maryland, us, 20849
Overview
Emagine IT has an immediate need for a Penetration Tester to join our team in support of our Commercial Services Team located remote. In this role, you will facilitate Penetration Tests, Threat Hunting exercises and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments. To succeed in this position, you will need a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. You will work in a team atmosphere with an experienced Sr. Consultant Project Lead, and you will be assigned technical sections and provide client-ready deliverables. Responsibilities
Execute testing procedures in accordance with NIST SP 800-53A Revision 4 Test for vulnerabilities, validate exploitable vulnerabilities within network, cloud, web and mobile environments Perform Social Engineering campaigns, including email phishing, spear phishing, phone pre-text calling - Including but not limited to creation of landing pages, creation of embedded executable payloads Develop Rules of Engagement, Penetration Test Plans, Penetration Testing report, Power Point presentations for kick-off and closing of client engagements Author recommendations based on findings to improve security postures compliant with NIST controls Penetration Testing/Threat Hunting (75%); Advisory/Consulting (25%) Experience using: Kali Linux, Social Engineering Toolkit, Burp Suite, Nessus, Metasploit Framework; MITRE ATT&CK Framework; coding (Python, Ruby, etc.); SQL testing; Travel expected
Required Qualifications
Bachelor's degree (4-year) or equivalent combination of education and experience Minimum three (3) years IT experience with familiarity with NIST SP 800-37 Rev 1, 800-53 Rev 4, 800-53A Rev 1, PCI-DSS, SOX, HIPAA Strong written and verbal communication skills Strong NIST experience (NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP 800-171) Ability to independently lead small, less complex system assessments Ability to assist team members with artifact collection and detailing artifacts to satisfy assessment requirements At least one of the following certifications: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, and/or CAP Penetration Testing Certification: OCSP, GIAC-GPEN, LPT (preferred) Second certification within 6 months: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, or CAP Candidate must perform "CTF" style penetration test including presentation of findings prior to offer of employment Additional Qualifications
Experience reviewing Nessus output Basic knowledge of networking components and various operating systems in cloud environments (UNIX, Windows) Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH) and regulatory requirements Experience with AWS, Microsoft Azure, Google Cloud Project management experience or certification (PMP) Must be eligible for Secret Clearance or Public Trust This role cannot sponsor Visa candidates EEO Statement
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.
#J-18808-Ljbffr
Emagine IT has an immediate need for a Penetration Tester to join our team in support of our Commercial Services Team located remote. In this role, you will facilitate Penetration Tests, Threat Hunting exercises and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments. To succeed in this position, you will need a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. You will work in a team atmosphere with an experienced Sr. Consultant Project Lead, and you will be assigned technical sections and provide client-ready deliverables. Responsibilities
Execute testing procedures in accordance with NIST SP 800-53A Revision 4 Test for vulnerabilities, validate exploitable vulnerabilities within network, cloud, web and mobile environments Perform Social Engineering campaigns, including email phishing, spear phishing, phone pre-text calling - Including but not limited to creation of landing pages, creation of embedded executable payloads Develop Rules of Engagement, Penetration Test Plans, Penetration Testing report, Power Point presentations for kick-off and closing of client engagements Author recommendations based on findings to improve security postures compliant with NIST controls Penetration Testing/Threat Hunting (75%); Advisory/Consulting (25%) Experience using: Kali Linux, Social Engineering Toolkit, Burp Suite, Nessus, Metasploit Framework; MITRE ATT&CK Framework; coding (Python, Ruby, etc.); SQL testing; Travel expected
Required Qualifications
Bachelor's degree (4-year) or equivalent combination of education and experience Minimum three (3) years IT experience with familiarity with NIST SP 800-37 Rev 1, 800-53 Rev 4, 800-53A Rev 1, PCI-DSS, SOX, HIPAA Strong written and verbal communication skills Strong NIST experience (NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP 800-171) Ability to independently lead small, less complex system assessments Ability to assist team members with artifact collection and detailing artifacts to satisfy assessment requirements At least one of the following certifications: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, and/or CAP Penetration Testing Certification: OCSP, GIAC-GPEN, LPT (preferred) Second certification within 6 months: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, or CAP Candidate must perform "CTF" style penetration test including presentation of findings prior to offer of employment Additional Qualifications
Experience reviewing Nessus output Basic knowledge of networking components and various operating systems in cloud environments (UNIX, Windows) Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH) and regulatory requirements Experience with AWS, Microsoft Azure, Google Cloud Project management experience or certification (PMP) Must be eligible for Secret Clearance or Public Trust This role cannot sponsor Visa candidates EEO Statement
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.
#J-18808-Ljbffr