Penetration Tester

December 17, 2024
Apply Now

Job Description

Gray Tier Technologies is seeking a Web App Penetration Tester to support our DHS customer based out of Springfield Virginia. 

Primary Responsibilities:

  • Knowledge of penetration testing best practices and tool usage.
  • Experience conducting penetration testing in the following disciplines:
    • Web Application testing
    • Network Penetration testing
    • API and serverless penetration testing
    • Cloud based penetration testing (one of the three):
      • AWS
      • Microsoft Azure
      • Google Cloud Platform (GCP)
  • Capable of working within guidance to safely support penetration testing operations as part of a managed team.
  • Detailed knowledge of web application and network based penetration testing security tools.
  • Provide expert level guidance to the customer regarding penetration testing and vulnerability assessment industry best practices.

Qualifications:

  • Bachelors’ degree from an accredited college in a related discipline, or equivalent experience/combined education, with 8+ years of professional experience; or 6+ years of professional experience with a Masters’ degree.
  • In addition to specific security clearance requirements all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
  • 2 years in Pen Testing and Vulnerability Assessment
  • 2-3 years of professional experience in incident detection and response, malware analysis, or cyber forensics.
  • Experience with any three of the seven tools listed below:
    • Kali Linux
    • Metaspoilt
    • Burp suite
    • Cobalt Strike
    • Tenable Nessus
    • Web Inspect
    • Scuba
    • App detective
    • PACU
    • AWS CLI
    • Scout Suite
  • Active Top Secret clearance with SCI eligibility

Preferred Qualifications:

  • Prior DHS IT security and/or audit experience preferred.
  • Prior System Administrator experience a plus.
  • Previous IT experience is preferred, specifically 7 years of professional experience in a Computer Science discipline is ideal.
  • Penetration testing experience with Kubernetes and or Docker
  • Mobile Application penetration testing experience
  • Wireless penetration testing experience
  • DHS Risk and Vulnerability Assessment (RVA) Operator certified

CLEARANCE REQUIRED:
• Must be have a current Public Trust or Secret clearance. Top Secret/SCI clearance preferred.

• Must be able to obtain and maintain an DHS Entry on Duty (EOD) clearance