What are the responsibilities and job description for the Penetration Tester position at Marathon TS?

Marathon TS is looking for a Penetration Tester to support our government client. The Penetration Tester will :

Conduct highly complex offensive security operations testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk.
Apply sound technical and management principles to identify and remediate cybersecurity vulnerabilities across the State Department global IT enterprise infrastructure
Apply organizational and process change principals
Evaluate system performance results, perform risk assessments, and evaluate performance metrics.
Responsibilities include :
Provide ad-hoc penetration testing and assessment services on Department of State systems identified by the leadership.
Develop, Identify and resolve security vulnerabilities related to deployment and testing processes
Streamline and optimize processes and procedures in order to rapidly remediate vulnerabilities from cybersecurity threats
Collaborate with Department and external cyber stakeholders on cybersecurity technology implementations to meet specific operational needs.
Perform technical evaluations of recommended vulnerability mitigation actions and make recommendations based on impact and / or other countermeasures.
Develop strategies for CIC cyber defense technologies, ensuring integration and alignment for continued operation.
Conduct assessments of threats and vulnerabilities; determine deviations from acceptable configurations, enterprise, or local policy; assess the level of risk; and develop and / or recommend appropriate mitigation countermeasures in operational and non-operational situations
Network Mapping include but are not limited to a network map of the organization's system that includes a visual representation of the organization's physical devices and digital network.
Perform operation and maintenance activities in support of existing CIC cyber tools and technologies (MSV, Qualys, Tenable Nessus and others).
Identify, diagnose, and prioritize anomalies in cyber defense infrastructure and resources.
Perform cybersecurity testing of developed applications and / or systems. Identify and direct the remediation of technical problems encountered during testing and implementation of new systems.
Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders.

Required Qualifications :

4 years Microsoft Operating Systems (OS) engineering and support experience focusing on Active Directory (AD), System Center Configuration Manager (SCCM), System Center Operations Manager (SCOM)

4-6 years Network penetration testing experience

In-depth experience in planning, implementing, and managing large / global enterprise infrastructures

Familiarity of various analytical tools (Splunk, USBDeview, Netwitness, MimiKatz)

Understanding of Security Information and Event Management (SIEM) tools (Splunk, McAfee)

Familiarity of Cobalt Strike, Nessus, Kali Linux, Burp Suite, Nmap and OpenVAS for databases

Knowledge of general attack stages

Skill in the use of social engineering techniques and using penetration testing tools

Familiarity with OMB, NIST, Client, and related security guidelines and directives

Interpersonal skills including the ability to collaborate effectively, and excellent written and oral communications

Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Server / endpoint OS (Microsoft, Linux, IOS) along with mobile and cloud technologies.

Cloud application security, Vulnerability Management and Security Information, and Event Management capabilities.

Knowledge of identity and access management solutions (MFA, PKI, SAML, etc.)

Countermeasures / mitigations to identified cybersecurity risks.

Knowledge of network protocols such as TCP / IP, Dynamic Host Configuration Protocol (DHCP), domain name system, and directory services

Ability to generate and implement capabilities to monitor organization's network in real-time

Ability to provide Vulnerability Scanning Risk Assessment

Information protection technologies (e.g., firewalls, antivirus, threat protection, servers, routers, and others as appropriate).

Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)

Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.)

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").

Apply for this job

Receive alerts for other Penetration Tester job openings

Penetration Tester

What are the responsibilities and job description for the Penetration Tester position at Marathon TS?

What is the career path for a Penetration Tester?

Job openings at Marathon TS

Not the job you're looking for? Here are some other Penetration Tester jobs in the Virginia, VA area that may be a better fit.

We don't have any other Penetration Tester jobs in the Virginia, VA area right now.

AI Assistant is available now!