Cyber Security Penetration Tester Specialist
Company: Unwin Company
Location: Remote
Preferred GIAC Certifications: GPEN
Travel: 20%
Salary: $150k-$200k
Contact Name: Jeremy Thomas
Contact Email: jeremy.thomas/at/
Expires: 2022-03-10

Job Description

Job Title: Cyber Security Penetration Tester Specialist
Job Function: Technical Assessor
Location: Germantown, MD or Remote
Duration: Full-time
Clearance: DOE Q or TS/SCI

About the Employer: Unwin Company is a respected federal government contractor supporting the
Department of Energy (DOE) with a long-standing tradition of service and professionalism. Unwin
Company offers a very competitive compensation package that includes eligibility to participate in a
company matching retirement savings plan and group medical insurance.

Job Responsibilities:
The Cyber Security Penetration Tester Specialist will assist the Department of Energy (DOE) in
monitoring and assessing the technical performance of the Department's cybersecurity programs. This
position will lead and participate in comprehensive cybersecurity vulnerability and penetration testing
assessments, the creation of assessment reports, and presenting the assessment results to senior
management. The successful candidate will work closely with team members assessing the policy and
procedures implemented throughout the Department to meet Federal Information Security
Modernization Act (FISMA) requirements. Penetration Tester Specialists also provide additional
technical support, develop new assessment methodologies, and take on special projects in support of
the assessment process.

Other duties and responsibilities:
• Plan, execute, and lead technical cybersecurity assessments across the department
• Evaluate the performance of cybersecurity programs from a technical perspective
• Apply advanced technical methods to test and validate technical security controls
• Conduct subject matter expert interviews in order to develop an understanding of the
implementation of technical security controls
• Assess the potential impact of ineffective or missing security controls including the potential risk
to the Department’s mission
• Provide written and verbal reports of assessment results
• Develop rigorous “best practice” recommendations to improve cybersecurity at all levels
• Develop assessment findings and prepare assessment reports
• Develop new technical assessment techniques and methods, and share expertise with other
technical team members
• Design technical assessments based on an organization’s mission, technical controls, and threat
• Other duties as specified by manager or organization

Position Requirements:
• Applicant must possess at least a Bachelor’s degree from an accredited university or college, in
such fields as an engineering discipline, business administration, security management,
computer science, or information management, or an equivalent combination of education,
certifications and experience
• Applicant must have at least 5 years of direct experience in network security, web application
testing, vulnerability assessment, or penetration testing
• Applicant must demonstrate detailed knowledge in one or more of the following areas:
networking, Windows and UNIX/Linux operating systems, Active Directory, and command line
interfaces to include PowerShell and Bash
• Applicant must have advanced-level knowledge of conducting penetration tests in one or more of
the following areas: web applications, exploiting vulnerable services, phishing, red teaming,
Active Directory, or exploit development
• Applicant must have familiarity with a broad range of tools and techniques for network
scanning, penetration testing, adversary emulation, and red teaming
• Applicant must have a demonstrated ability to develop reports and presentations (verbal and
written) that are understandable to a wide range of audiences
• The position requires an individual with a proven ability to meet deadlines and perform under
pressure in an uncertain environment
• Applicant must be willing and able to work well as a part of a team
• Applicant will need to have or be able to obtain a DOE Q clearance

Desired Skills, Knowledge and Abilities:
• National level recognition in the area of penetration testing, to include presentations at
conferences and technical publications
• A solid understanding of the mission of the DOE
• Demonstrated ability to help line management identify solutions to complex problems
• Possess one or more nationally recognized certifications
• Experience with programming, coding, or scripting in order to deliver advanced and more
efficient penetration tests


401(k) matching
Health insurance
Paid time off

8 hour shift

Application Question(s):
Do you have now or have you had a DOE Q or TS/SCI clearance? (Please note which type and dates active.)