Senior Penetration Tester

Tyto Athene is searching for a Senior Penetration Tester to support our customer in Arlington, Virginia.

Responsibilities:

• Conduct vulnerability assessments
• Carry out penetration tests, perform social engineering tests
• Analyze technical security weaknesses
• Perform risk analyses and develop exploits
• Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and encryption
• Develop tools, techniques, training, and countermeasures for computer and network vulnerabilities, data hiding, and encryption.

Required:

• Bachelor’s degree in Computer Science, Information Technology, or related field and 10 years of relevant experience or a Masters degree and 6 years.
• Must have a strong technical background and understand system architecture and design, operating systems, network infrastructure, software installation on test platforms, software development, database, and operating systems.
• Security, Software Development, Networking, and/or Systems Administrator Experience
• Understanding of 3-tiered Web Applications and Mobile Application Architectures
• Manual Penetration Testing Experience (i.e. mapping applications, injecting SQLi, XSS, XXE, exploit creation)
• Must have Commercial Web Application Tool Experience (i.e. BurpSuite, AppScan, WebInspect)
• Network Penetration Testing Tool Experience (i.e. Nmap, Nessus, Wireshark, Metasploit, Hydra, John)
• Exceptional communication skills, with the ability to explain the technical details of OWASP Top 10 and other vulnerabilities from C-levels to developers in a large professional environment

Desired:

• Certifications Preferred (Not Required):
• PNPT – Practical Network Penetration Tester
• OSCP – Offensive Security Certified Professional
• CRTO – Certified Red Team Operator
• CRTP – Certified Red Team Professional
• Web Services Security Penetration Testing Experience
• Commercial Network Penetration Testing Tool Experience (i.e. Metasploit and Cobaltstrike)
• Experience with Open Source Tools (i.e. Powershell Empire, PowerSploit, Impacket, Rubeus and Mimikatz)
• Software Development and/or Scripting Experience in PowerShell, .NET, C , Java, C#, perl, python or bash
• Experience with Virtual Machine technologies
• Database Experience (DBA or security penetration testing)
• Source Code Review (aka Static Code Analysis) experience
• Good technical writing skills and attention to detail

Clearance: Active Secret clearance required

Certification: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.

Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.