Penetration Tester

Quasars, Inc. - Sterling, VA

Full-time

Penetration Tester:

Quasars, Inc. is currently seeking penetration testers to work on a Department of Homeland Security (DHS) contract in the DC Metro area.

Background:

The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to defend critical infrastructure against the threats of today, while working with partners across all levels of government and in the private sector to secure against the evolving risks of tomorrow. The CISA Office of Cybersecurity and Communications (CS&C) works collaboratively with public, private, and international entities to secure cyberspace and America’s cyber assets. CS&C established the Network Security Deployment (NSD) division to serve as the cybersecurity engineering and acquisition "Center of Excellence" not only within CS&C and CISA, but for the entire DHS organization. NSD's mission is to improve cybersecurity for the federal civilian government and other partners by facilitating the integration of various cybersecurity technologies, products, and services.

General Job Description:

The Systems Engineering and Integration (SE&I) program supports our federal customer who plays a key role in providing direct cybersecurity engineering support. This program provides systems and security engineering and integration support to specific Government-sponsored projects, pilots and prototypes. This includes solution planning and engineering, defining security requirements, target architecture, interoperability and integration, system testing, Verification and Validation,Modeling and Simulation, studies and analysis, post-deployment security validation (PDSV), and project risk management. As part of this team, you will contribute to the engineering of current and emerging cybersecurity systems,policies, and processes to enforce standards and identify vulnerabilities and capability gaps, and reduce cybersecurity risk of our customer networks.

The ST&E team is expected to have knowledge and extensive experience in networking, systems management, programming and tool development, the UNIX (different variants) operating system, the Microsoft Windows (different variants) operating system, security analyst tools and techniques, and system design and architecture is necessary to identify required modifications,determine innovative solutions, and to recommend sound security measures.

Specific Duties:

  • Performs analysis, design, and development of security features for system architectures
  • Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers
  • Designs, develops, engineers, and implements solutions that meet security requirements
  • Provides integration and implementation of the computer system security solution
  • Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems
  • Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development lifecycle
  • Ensures that all information systems are functional and secure

Job Locations:

  • Sterling, VA

Requirements:

  • Active TS/SCI
  • 5-10 years work experience or equivalent experience
  • Red Team (preferable) or Blue Team penetration testing
  • 5 years LINUX experience is a must.
  • Knowledge of Kali Linux + custom made tools/fuzzing
  • Experience with at least 3-4 of the following: Metasploit, Burpsuite, Nmap, Wireshark, Jenkins/CloudBees, GitHub, Artifactory, JIRA, BurpSuite Pro, TenableSecurity Center, Nessus, Twistlock, Acunetix, VisualStudio, Eclipse, PyCharm, CoreImpact

Preferred:

Deep understanding of the methodology associated with penetration testing, such as creating Rules of Behavior, selection of pen testing team, and have a developed tool kit.

Cloud experience a plus! (AWS or Azure)

Any of the below credentials:

  • Licensed Penetration Tester (LPT) Master
  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • IACRB Certified Expert Penetration Tester (CEPT)
  • IACRB Certified Expert Penetration Tester (CPT)
  • Certified Red Team Operations Professional (CRTOP)
  • CompTIA’s PenTest+
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); and/or
  • GIAC Penetration Tester (GPEN)

Job Type: Full-time

Salary: $142,000.00 to $164,000.00 /year

Experience:

  • Penetration Testing: 2 years (Required)

License:

  • CEH, LPT, OSCP, CEPT, CRTOP, CPT, PenTest+, GXPN, GPEN (Preferred)

Security Clearance Required:

  • Top Secret (Required)