SME - Penetration Test Engineer Job at Steampunk, Mc Lean, VA

N1RJY3JleFVza1lFMEErT3VYelVKYkVuR0E9PQ==
  • Steampunk
  • Mc Lean, VA

Job Description

Overview:

Steampunk is seeking Subject Matter Expert (SME) Penetration Test Engineer to support our Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) clients. CISA leads the national effort to understand, manage, and reduce risk to critical infrastructure. CISA is charged with leading the Nation's strategic and unified work to assure the security and resilience of the nation's cyber systems, protecting the American way of life.

Contributions:

As a SME - Penetration Test Engineer, you will join our Cybersecurity practice supporting our federal customers. You will have and active TS clearance and 10+ years of proven experience as a Senior Security Engineer with experience assessing security implementation of cloud and hybrid environments to include Continuous Integration/ Continuous Delivery (CI/CD) pipelines, applications and services. You will have supervisory/leadership experience overseeing and guiding large teams responsible for planning, analyzing, implementing, and maintaining many different penetration testing projects.

  • Leading penetration testing, developing advanced security scenarios and testing systems against those scenarios,
  • Developing advanced security architectures for the implementation of custom countermeasures,
  • Providing security considerations to advise system engineering teams with the objective to reduce errors, flaws, and weaknesses that may constitute security vulnerabilities,
  • Performing advanced code analysis, and performing advanced protocol analysis for nation-state and state-sponsored cyber threat actor capabilities.
  • Using agile best practices for scanning and end to end vulnerability remediation, assisting in all information security planning, compliance and risk management.
  • Managing teams, ensuring they have appropriate skill sets, and tying the teams and results together.
  • Identifying vulnerabilities and understanding and recommending countermeasures.
  • Analyzing the network to determine if appropriate security is applied using knowledge of the NIST RMF.
  • Developing and implementing test plans and ensuring execution.
  • Evaluating the costs and benefits of security functions and considerations from analysis of alternatives, engineering trade-offs and risk treatment decisions.
  • Utilizing a risk-based approach to evaluate the findings and will be responsible for writing up detailed summaries of the vulnerability and suggested remediations.
  • Providing technical assessments of all layers of the enterprise stack as required by the specific application/system being tested.
  • Working directly with system admin teams as well ISSOs to discuss findings and verify that their remediation efforts are adequate through following up penetration testing.
  • Conducting penetration testing using approved tools and best practices.
  • Creating detailed reports including the findings and suggested remediations.
  • Conducting risk-based assessments based on penetration testing findings and brief the same to senior leadership.
  • Reviewing and suggesting changes to ROE to ensure outcome provides desired results.
  • Working with system teams and ISSOs on understanding of findings and remediation guidance.
  • Managing and supporting development of pen testing SOPs.
  • Designing scenarios for testing based on TTPs used by threat actors.
  • Developing and implementing test plans and ensuring execution.
  • Evaluating costs and benefits of security functions and considerations from analysis of alternatives.

Qualifications:

  • Active TS clearance
  • 10+ years of proven experience as a Security Engineer
  • Supervisory/leadership abilities to oversee large teams responsible to planning, analyzing, implementing, and maintaining many different projects.
  • BS in an IT field & 5 years of IT work OR BS in a non-IT field and 7 years of IT work
  • Experience with packet analysis and with hardening and remediation.
  • Experience over a variety of technologies and ability to assess security implementation of cloud and hybrid environments to include pipelines, applications, and services.
  • Ability to ensure industry best practice implementation utilizing agile practices for scanning and end to end vulnerability remediation.
  • Ability to assist in all information security planning, compliance and risk management, manage teams, ensure they have appropriate skill sets, and tie the teams and results together.
  • Able to identify vulnerabilities and understand and recommend countermeasures.

Preferred Skills

  • Experience with multiple penetration testing tools (Metasploit, nmap, burp suite, KaliLinux, etc.)
  • Experience briefing to senior leadership
  • Excellent written and verbal communication skills
  • Performing work after-hours as testing requires
  • Performing security research to remain current on emerging technology trends
  • Familiarity with MITRE ATT&CK framework
  • Ability to work with ISSOs to map findings to associated security controls
  • Working knowledge of various enterprise technology stacks used to build applications in the cloud
  • Working knowledge and experience in AWS and Azure GovClouds

About steampunk :

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology , we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company , we focus on investing in our employees to enable them to do the greatest work of their careers and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit .

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.

Steampunk

Job Tags

Similar Jobs

Richard's, Original Joe's

Lottery Cashier Job at Richard's, Original Joe's

 ...What We Are About: There are numerous lottery retailers, and Jaspers recognizes that what sets us apart from other retailers is our dedication to Guest service and our clean, bright, and safe locations. Team members are responsible for ensuring that every Guest... 

GardaWorld

Security Officer - CCTV Operator Job at GardaWorld

Job Description GardaWorld Security Services Security Officer Now Hiring! Youve got the right skills. What you need is the right opportunity to unleash your potential. We agree, and were hiring! Every day is different at GardaWorld with diverse work assignments...

indiGO Auto Group

Volkswagen Marin Service Technician Job at indiGO Auto Group

 ...automotive brands: Aston Martin, Audi, Bentley, BMW, Ferrari, Jaguar, Lamborghini, Land Rover, McLaren, Porsche, Rolls-Royce, Rimac, and Volkswagen. We are always looking for bright, motivated, and energetic professionals to add to our world-class team. Each of our dealerships... 

Domino's Franchise

Delivery Driver - 2128 Rock Road Job at Domino's Franchise

 ...Looking to make some extra cash in your spare time? Tried the food delivery or rideshare gigs but tired of them taking most of the money?...  ...Qualifications Must be 18 years of age & have a valid driver's license Must have 2 years of driving history Must have... 

Children's National Hospital

Genetic Counselor Assistant Job at Children's National Hospital

The Genetic Counselor Assistant will be involved in preparation for patient visits including contacting referring physicians and obtaining patient...  ...serves as a clinical rotation site for multiple Genetic Counseling Programs and is integrally involved in the training of...