Information Security Penetration Tester

Location: Remote and Onsite as Required: Wytheville, Virginia (with travel to Bland, Carroll, Grayson, Smyth, and Wythe Counties, as well as the City of Galax)

Contingent Upon Award
Reports To: PM

Job Summary

• Conduct a comprehensive penetration testing and operational framework review assessment for MRCS.
• Perform vulnerability assessments, penetration testing (external, internal, and wireless), and firewall evaluations to ensure information system security and resilience.

Key Responsibilities

• Confirm and document scope of services and test plans in writing before beginning assessments.
• Conduct vulnerability scans of MRCS’s network architecture (external and internal).
• Perform security assessments of web applications, websites, and business systems for HR, Payroll, and the Business Office.
• Conduct external penetration testing to identify vulnerabilities in Internet-facing systems.
• Execute internal penetration testing to evaluate risks from unauthorized access.
• Validate wireless network security and mechanisms to prevent unauthorized access.

Firewall Evaluation

• Review firewall configuration, applications, protocols, filters, and policies both onsite and offsite.
• Evaluate firewall logs and overall setup for vulnerabilities and compliance.

Reporting and Documentation

• Deliver detailed reports with results, implications, risks, and recommended mitigation strategies.
• Include executive summaries, technical findings, and actionable steps for improvement.
• Create a communication and incident management plan for issues arising during testing.

Coordination and Communication

• Liaise with third-party vendors for necessary authorizations.
• Collaborate with MRCS staff to confirm logistics, establish goals, and secure access credentials.

Compliance and Best Practices

• Ensure assessments comply with NIST 800-171 standards.
• Utilize vendor-neutral frameworks and avoid network disruptions during testing.

Qualifications

• Education: Bachelor’s degree in Information Security, Computer Science, or a related field.
• Experience: Proven experience in vulnerability assessments, penetration testing, and firewall evaluations, with knowledge of NIST assessment methodologies.
• Certifications: CEH (Certified Ethical Hacker), CISSP (Certified Information Systems Security Professional), or equivalent.
• Skills: Proficiency in penetration testing tools, strong problem-solving abilities, and excellent communication skills.

Work Environment

• Frequent travel across MRCS service areas.
• Testing may occur after hours to prevent disruptions to operational systems.
• Standard working hours are 8:30 AM – 5:00 PM, with flexibility as needed.

Job Type: Full-time

Pay: $130,051.00 - $144,527.00 per year

Schedule:

• 8 hour shift
• Monday to Friday

Work Location: Hybrid remote in Wytheville, VA 24382

Salary : $130,051 - $144,527