Mid Security Engineer / Internal Penetration Tester

EMPLOYER IS A CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP.

Role Description:

We are seeking a talented and experienced Mid Security Engineer / Internal Penetration Tester to join our dynamic team and play a crucial role in assessing and validating the security posture of IT systems and internally developed software.  In this role, you will be responsible for conducting comprehensive security assessments and penetration tests to identify vulnerabilities and weaknesses in IT systems, applications, and software. You will leverage your technical expertise and industry knowledge to evaluate security controls and provide actionable recommendations to enhance our security posture.

The listed responsibilities are not exhaustive and additional responsibilities may be assigned based on the evolving needs of the organization. We are seeking a dynamic individual who is able to adapt and take on new responsibilities as they arise.

Responsibilities:

• Conduct in-depth security assessments and penetration tests of IT systems, applications, and software to identify vulnerabilities, misconfigurations, and weaknesses. Evaluate security posture of AWS and Azure Cloud configurations, public-facing company websites, and open-source projects.
• Utilize industry-standard methodologies and tools to perform reconnaissance, vulnerability scanning, exploitation, and post-exploitation activities.
• Analyze assessment findings and prioritize risks based on severity and potential impact to business operations.
• Develop detailed and well-written assessment reports outlining identified vulnerabilities, exploitation techniques, and recommended remediation strategies.
• Collaborate with internal stakeholders to review assessment results, discuss findings, and provide guidance on remediation efforts.
• Work closely with development and IT teams to integrate security best practices into the software development lifecycle (SDLC) and infrastructure design.
• Stay updated on emerging security threats, attack techniques, and security trends to enhance testing methodologies and approaches.
• Contribute to security awareness knowledge sharing and professional development initiatives within the company, potentially including training initiatives such as Lunch & Learns and internal blog posts.

Preferred Experience and Qualifications:

• 3+ years of experience in cybersecurity roles, with a focus on penetration testing.
• Deep understanding of Kubernetes clusters and hosting containerized applications, common security vulnerabilities, attack vectors, and exploitation techniques.
• Experience with web application security testing, including OWASP Top 10 vulnerabilities and secure coding practices.
• Knowledge of network security principles, protocols, and technologies (e.g., TCP/IP, VPN, IDS/IPS).
• Proficiency in conducting security assessments and penetration tests using tools such as Metasploit, Burp Suite, Nmap, Nessus, and Wireshark.
• Excellent analytical and problem-solving skills, with the ability to assess complex security issues and recommend effective solutions.
• Strong communication and interpersonal skills, with the ability to interact with clients and stakeholders at all levels.
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field.
• Relevant certifications (e.g., OSCP, CEH, CISSP, GPEN, Kubernetes-relevant certs) are highly desirable.

Must Haves:  (based on government contract requirements, privileged access, CUI & export-controlled data access):

• Must be a US citizen
• Eligible to apply for a security clearance

Travel Expectations/Requirements: 5-10% - This is a remote US based position. Travel would consist of company retreats and team building events/conference attendance.