ECS is seeking a Penetration Tester Mid to work in our Baltimore, MD office .
Job Description:

• Conduct network and web-based application penetration tests
• Provide advisement on countermeasures to mitigate threats
• Identify security deficiencies and determine the efficacy of security controls design and implementation
• Provide vulnerability to exploit mapping
• Probe for vulnerabilities in web applications
• Conduct physical security assessments and wireless security assessments as required
• Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
• Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
• Research, document and discuss security findings with team members
• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
• Provide feedback and verification as an organization fixes security issues
• Simulate internal lateral movement activities
• Provide mentorship and guidance to Junior Penetration Testers.

Salary Range: $0 - $105,000

General Description of Benefits
Required Skills:

• 5 years of IT experience to include 3 years of experience in either information security, development, or system/network administration.
• Bachelor's degree in an IT related field or equivalent education or work experience.
• Programming experience with focus on development, security, or process automation
• Working knowledge of TCP/IP ports and protocols
• Working proficiency with Windows and UNIX operating systems
• Working knowledge of firewalls, routing, switching, and other network security products
• Familiarity with web proxy tools such as Burp, ZAP, and Fiddler
• Knowledge of security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
• Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, Nmap, Metasploit, Nessus, tcpdump, Wireshark, Nikto, etc.
• Excellent written and oral communication skills. Must be able to document security deficiencies write Security Assessment reports, Standard Operating Procedure documents, etc.
• Self-motivated and able to work in an independent manner
(SF-85 and SF-86 submission required)

Desired Skills:

• Experienced in at least one related functional area (network security, reverse engineering, programming, databases, mainframes, web applications, etc.)
• Application/Systems development experience preferred
• An In-Depth familiarity with Linux, MS Windows, or both
• Familiarity with Database administration, device configuration hardening and compliance verification
• Familiarity with programming/scripting in multiple languages (Python and PowerShell a plus)
• Knowledge of applied cryptography
• Familiarity with XML, SOAP, and Ajax
• Ability to conduct source code reviews
• Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and Open-Source Security Testing Methodology Manual (OSSTMM)

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800 employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
General Description of Benefits

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.