Pen Tester Red Teamer Junior

Iron Vine Security, an ECS Federal company, is a rapidly growing information security and information technology company in Fairfax, VA. We are looking to hire a Penetration Tester/Red Teamer to provide a full range of cyber security testing services on a long-term contract in Baltimore, MD. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

• Conduct manual Network/Host and Web/API application penetration testing

• Provide advisement on countermeasures to mitigate threats

• Identify security deficiencies and determine the efficacy of security controls design and implementation

• Provide vulnerability to exploit mapping

• Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets

• Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities

• Research, document and discuss security findings with team members

• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws

• Provide feedback and verification as an organization fixes security issues

• Conduct Red Teaming Exercises simulate advanced threat actor tactics, techniques, and procedures (TTPs)

Salary Range: $78,000 - $83,000
General Description of Benefits

3 years of IT experience to include 1 years of experience in either information security, development, or system/network administration.

• Bachelor's degree in an IT related field or equivalent education or work experience preferred

• Programming experience preferred

• Working knowledge of TCP/IP ports and protocols

• Working proficiency with Windows and UNIX operating systems

• Working knowledge of firewalls, routing, switching, and other network security products

• Familiarity of security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.

• Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, Nmap, Metasploit, Nessus, tcpdump, Wireshark, Nikto, etc.

• Excellent written and oral communication skills. Must be able to document security deficiencies write Security Assessment reports, Standard Operating Procedure documents, etc.

• Self-motivated and able to work in an independent manner

• U.S. Citizen - must be able to obtain "Public Trust" level clearance. (SF-85 and SF-86 submission required)

• Experienced in at least one related functional area (network security, programming, databases, mainframes, apis, web applications, red teaming, etc.)

• Application/Systems development experience preferred

• An In-Depth familiarity with Linux, MS Windows, or both

• Familiarity with programming/scripting in multiple languages (Python and PowerShell a plus)

• Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and Open-Source Security Testing Methodology Manual (OSSTMM)