Penetration Tester jobs in Alabama

Job ID: 2407246-3474

Location: HUNTSVILLE, AL, US

Date Posted: 2024-05-22

Category: Cyber

Subcategory: Cybersecurity Spec

Schedule: Full-time

Shift: Day Job

Travel: No

Minimum Clearance Required: None

Clearance Level Must Be Able to Obtain: Public Trust

Potential for Remote Work: No

Description

• Conduct network and system penetration testing.
• Perform full-scope internal penetration tests (discovery, evasion, privilege escalation, execution/exploitation, credential access, lateral movement, & action on objectives) in a controlled/safe manner on live network infrastructure services, Active Directory environments and other systems/applications.
• Interface and coordinate with System Owners to establish the scope for testing, test schedule, test goals, and rules of engagement.
• Perform documentation review and provide improvement recommendations.
• Communicate and escalate issues and alerts as required by process or management.
• Additional responsibilities including the support of various Enterprise Security Operations Center activities.

• Operate professionally always guided by SAIC's core values: passion, empowerment, integrity, inclusion, and innovation.
• Ability to effectively prioritize and effectively execute multiple assigned tasks.
• Attention to details in the execution of all tasks and in documentation.
• Curiosity and love to solve problems and puzzles; analytically rigorous; uncompromising integrity.
• Self-starter with ability work with minimal supervision, as well as optimally work on teams with individuals with a variety of skills and backgrounds.
• Flexibility, persistence, resilience and determination.
• Passion for life-long-learning and skills development.

Qualifications

• Bachelors and two (2) years or more of IT/Cyber experience, Masters and zero (0) years of related IT/cyber experience. Experience may be accepted in lieu of a degree.
• Must be a US Citizen with the ability to obtain a Public Trust clearance after hire.
• Must possess the following certifications: Security or CySA AND Certified Ethical Hacker (CEH), eJPT, or PenTest certifications.
• One (1) or more years of experience in a full-time offensive security role.
• One (1) or more years of experience with offensive tool sets including Kali Linux, Metasploit, Burp, ZAP interception proxies, NMAP, etc..
• One (1) or more years of experience with vulnerability scanning tools such as Tenable Security Center/Nessus.
• Ability to conduct penetration tests on applications, systems and network utilizing proven/formal processes and industry standards.
• Ability to test, identify and exploit trust, misconfigurations, and vulnerabilities in live Microsoft Active Directory environments without being detected by advanced commercial security solutions.
• Proven ability to Work proficiently from the Windows and UNIX/Linux command line (e.g., Bash and PowerShell).
• Hands-on experience conducting cloud asset penetration testing.
• Proven ability to research and formulate recommendations for vulnerabilities found during assessments.
• Proven ability to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and system flaws.
• Proven ability to test, identify and exploit trust, misconfigurations, and vulnerabilities in live Microsoft Active Directory environments.
• Knowledge of security architectures and devices.
• Knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
• Can-do attitude.
• Self-motivated and quick learner with the ability to work independently or with minimal guidance.
• Excellent communication skills both verbal and written.
• Must have experience managing multiple projects and quickly and effectively adjusting to shifting priorities and resolving issues.

• Possess any combination of the following certifications: GPEN, GWAPT, OSCP, or additional relevant certifications.
• Two (2) or more years of hands-on experience as a member of an internal penetration testing team or for a penetration testing firm.
• One (1) or more years of hands-on experience performing Web Application Penetration Testing.
• One (1) or more years of hands-on cloud penetration testing experience.
• One (1) or more years of experience in a Red Team Operator, SOC Analyst, Incident Response Analyst, or System Administrator role.
• One (1) or more years of experience using at least one of the following scripting languages: PowerShell, Bash, Python, Ruby.
• Hands-on experience creating reports and/or documenting processes and procedures.