GREAT PAY

Looking for a talented individual with pen testing experience. As much as I hate to say this, need to have some industry certifications. 7+ years of real penetration testing (red team type activity) can possibly substitute certification until you get OSCP or similar.

Corporate office is based in Fairfax, VA but this position can be work from home (primarily) anywhere in the US. Must be a US Citizen. Must be able to obtain a security clearance if requirement arises.

Lead Penetration Tester

Duties & Responsibilities:
In this role, you will facilitate Security Control Assessments (SCAs) and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments. To succeed in this position, you will need a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. You will work in a team atmosphere with an experienced Technical Project Lead, and you will be assigned technical sections and provide client-ready deliverables.

In this role, you will:
• Execute, examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4
• Ensure cyber security policies are adhered to and that required controls are implemented
• Validate information system security plans to ensure NIST control requirements are met
• Develop SCA documentation, including but not limited to the Security Assessment Report
• Author recommendations based on findings to improve security postures compliant with NIST controls
• Penetration Testing (~50% or more)
• Experience using Kali Linux and Metasploit. Good understanding of coding (Python, Ruby, etc.), understanding of SQL commands and testing.
Required Qualifications:
• Bachelor’s degree (4-yr college or university) or equivalent combination of education and experience
• Minimum three (3) years of experience in IT industry with strong familiarity with NIST Special Publications (SP) 800-37 Revision 1, 800-53 Revision 4, and 800-53A Revision 1
• Strong written and verbal communication skills including the ability to explain technical matters to non-technical audiences
• Strong NIST experience (in order of preference): NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP 800-171
• Ability to independently lead small, less complex system assessments
• Ability to assist team members with proper artifact collection and detail to client’s examples of artifacts to satisfy assessment requirements
• At least one of the following certifications in order of preference: OSCP, GIAC-GPEN, LPT, CISA, CISM, CRISC, CGEIT, CCSP, CISSP, and/or CAP certification
• Must have a Penetration Testing Certification – order of preference: OSCP, GIAC-GPEN, LPT
• Second certification in order of preference to be obtained within 6 months or by conversion date: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, or CAP
• Other certifications that are acceptable: AWS certifications

Additional Qualifications:
• Experience reviewing Nessus output
• Basic knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft
• Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements
• Experience with Amazon Web Services, Microsoft Azure, etc.
• Project management experience or certification (PMP)

Education & Experience:
• 8-10 years of experience in either auditing or consulting
• 5-8 years of experience is acceptable with the right skill set and having dealt with many systems in a short time, e.g. worked in a Government or DoD Program Management Office