Security Tester

• June 30, 2023

Job Title: Security Tester
Location: Ft. Meade, MD
Clearance: Top Secret
Telework: Approximately 50% telework

To apply: Email resume to [email protected] 

Job Description 

We are seeking a security tester in support of a government client.  This individual should be capable of cybersecurity testing activities across multiple technologies, assets, and networks. The effort requires testing of operating systems, databases, network fabric assets, web applications, web services, APIs, source code, and wireless communications.  To thoroughly test these sorts of technologies, individuals must be well-versed in vulnerabilities and weaknesses that can affect these assets. 

• Maintain and stay current with in-depth technical knowledge of security testing tools in use by the customer and testing techniques. 
• Perform automated security testing, manual validation of automated results, and manual configuration validation of items not covered by automated testing, for assigned area 
• Make recommendations for updates, additions, and modifications to security policy as gaps or deficiencies in security policy are identified. 
• Provide recommendations to update existing, or create new, processes and procedures to improve the security testing program. 
• Engage with testing stakeholders to gather all required information needed to create detailed test plans. 
• Conduct security testing using the provided automated testing tools in conjunction with manual configuration validation techniques. 
• Have experience with the following primary tools: SuperScan, NMAP, Nessus Professional, Tenable.sc. Additional supplementary tools are available. 
• Handle the installation, use, and technical troubleshooting of all security testing tools, to include the creation of any customized configurations within the testing tools to complete testing engagements. 
• Validate target lists and perform discovery scans of target subnets to determine if assets exist within subnets which have not been identified for testing. 
• Troubleshoot any technical issues preventing successful completion of testing engagements within the scheduled time allotted for the engagement (i.e. insufficient credentials, whitelisting not implemented, no network access, etc.). 
• Validate and enrich results generated by automated testing tools. Example activities include identification of false positive findings generated by testing tools, adjustment of finding severities based on specific considerations within, or associated with, the affected target. 
• Participate in findings meetings to review and provide input on the validity of operating system stakeholder responses to findings. 
• Provide Subject Matter Expertise for a variety of topics concerning operating systems in a variety of formats (verbal or written). 
• Work during non-core business hours, holidays, weekends, and on an as-needed basis in order to support off-hours testing, when required. This is estimated to occur approximately 30 days each year. 
• Travel on a periodic basis to support remote testing when required. This is estimated to occur five (5) days each month for local sites (i.e. within fifty (50) miles of HQ), and approximately ten (10) days each quarter to sites further than fifty (50) miles. 
• Support ad-hoc operating system testing engagements of a non-standard nature as they are identified to provide a benefit to IAD’s security testing requirements. 
• Additional duties as assigned in support of this security testing effort. 

Minimum Requirements 

• Direct knowledge of current cybersecurity testing and experience with a variety of tools and environments
• Top Secret Clearance 
• Strong oral and written communication skills and with the ability to tie organization objectives to mission critical objectives
• Experience with Microsoft Office (esp. Word, PowerPoint, and Excel)

Education / Experience

• BA/BS degree
• 7+ years of IT and cybersecurity experience 
• 3+ years of experience performing security assessments for the targeted technology (Operating Systems, Databases, Network Assets, Web Applications, and Mobile Applications) 
• 2+ years of security testing experience, with at least 1 year experience performing security testing of Federal IT systems

Note: The above information on this description has been designed to indicate the general nature and level of work performed by an employee in this classification. It is not to be interpreted as a comprehensive inventory, or all duties, responsibilities, and qualifications of employees assigned to this job. Management has the right to add to, revise, or delete information in this description. Reasonable accommodations will be made to enable qualified individuals with disabilities to perform the essential functions of this position.

Please email your resume to [email protected] to apply.