Attainx Inc.
IT Security Specialist - Penetration Tester (Surge Support)
Attainx Inc., Silver Spring, Maryland, United States, 20900
Location:
Hybrid (Reside within a commutable distance of Silver Spring, MD to work onsite as required)
Citizenship:
US Citizen
Security Clearance:
Must hold a Valid NOAA / NWS / DoC Public Trust
Exemption Status:
Computer Exempt
Surge Support
AttainX, Inc. is in search of a highly energetic Penetration Tester to join our team on a cyber security program supporting our US federal government client. We’re looking for a seasoned professional with a minimum of 5 years of proven expertise in penetration testing and ethical hacking. In this role, you’ll identify, exploit, and report security weaknesses across AWS, Azure, and on‑premises infrastructure, directly contributing to fortifying critical systems and protecting sensitive data from evolving cyber threats.
Qualifications and Education Requirements
Basic Qualifications:
A minimum of 5 years of proven penetration testing and ethical hacking experience.
Hands‑on experience in penetration testing across AWS, Azure, and On‑Premise environments.
At least 5 years of recent experience in applying IT security concepts, methodologies, principles, procedures and using industry‑standard IT security tools (e.g. Burp Suite, Metasploit, Wireshark).
At least 5 years of recent experience with enterprise architecture methodologies, concepts, procedures, principles, and tools.
At least 5 years of recent experience in contingency planning and backup and recovery best practices and application of NIST guidance.
At least 5 years of recent experience in using technical testing tools (Tenable Security Center, ArcSight, IBM Big Fix, etc.).
At least 5 years of recent experience in conducting penetration testing or the ability to bring in a penetration tester when required.
At least 5 years of performing assessments of Federal Information Systems using the Risk Management Framework.
Possess at least one of the following professional certifications required by DOC Enterprise Cybersecurity Policy Annex C‑1:
Controls Assessor
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
GIAC Certified Incident Handler (GCIH)
GIAC Systems and Network Auditor (GSNA)
Electronic Commerce Council Certified Ethical Hacker (CEH)
ISC2 Certified in Governance, Risk and Compliance (CGRC)
Security Certified Network Professional (SCNP)
Security Certified Network Architect (SCNA)
Proficiency in verbal and written communications.
Proficiency in interview skills.
Proficiency in interpersonal skills.
Proficiency in handling multiple tasks concurrently.
Proficiency in project and time management.
Ability to adjust to changing priorities.
Ability to work in a cohesive team‑oriented environment.
Must be a US Citizen able to obtain and maintain a Moderate Public Trust.
Preferred Qualifications
Knowledge of DOC, NOAA, and NWS IT security policies and implementation standards or those of similar sized organizations and comprehensive understanding of NIST guidance including Special Publications and Federal Information Processing Standards.
Self‑starter, highly motivated individual who adapts to a dynamic work environment.
Strong attention to detail with an ability to operate effectively across multiple priorities.
Education / Experience
Ideal for candidates with 5–7 years of hands‑on penetration testing experience who are looking to advance into intermediate‑level roles.
Duties
Protocol analysis, vulnerability discovery and exploitation, post‑exploitation impact analysis, and physical security.
Highly technical problem‑solver who understands software architectures, security, communication protocols, virtualization, and hardware, and works with other engineers to resolve problems in design, development, and operations.
Perform manual and automated firmware analysis on target devices.
Perform pen tests, fuzzing and custom exploit attacks against client systems.
Review deployment architectures, topologies, and CONOPS for compliance with regulatory security mandates.
Produce security reports suitable for submission to regulatory bodies.
Conduct hands‑on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments.
Conduct scenario‑based security testing, or red teaming to identify gaps in detection and response capabilities of client end systems.
Conducting research and testing in support of client requirements.
Design, implementation, and integration of security solutions.
Design, development, and support of the company’s line of technology products.
Analyzes information security systems and applications.
Recommends and develops security measures to protect information against unauthorized modification or loss.
Familiar with a variety of the field’s concepts, practices, and procedures.
Relies on experience and judgment to plan and accomplish goals.
Performs a variety of complicated tasks.
Non‑Essential Functions
General Duty Requirements.
Work Location
Perform all functional and technical tasks remotely in a hybrid work environment, with occasional travel for client engagement, industry events, contract negotiations, or to an AttainX facility.
Benefits
Competitive compensation and benefits packages including paid vacation, medical, dental, vision, matching 401K plan, tuition/training reimbursement, and Long & Short‑Term Disability.
EEO Commitment
AttainX is an equal employment opportunity employer, committed to providing a workplace that is free from discrimination based on Title VII of the Civil Rights Act, VEVRAA, and Section 503, or other status protected by applicable federal, state, local, or international law. These protections also extend to applicants.
Accommodation
If you are an individual with a disability and would like to request a reasonable workplace accommodation, please send an email to HR@AttainX.com.
Physical Demands
Sitting and working on a computer for long, continuous periods each day; effective communications by telephone, email, and face‑to‑face; standing, walking, and sitting; handling and feeling objects or controls; reaching; talking and hearing; lifting and/or moving up to 10 pounds; specific vision abilities including close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust and focus.
Work Environment
The noise level in the work environment is usually moderate.