Exploitation Analyst/Penetration Tester

About the position

As a Penetration Tester, you will play a crucial role in proactively discovering vulnerabilities in systems and on the Department of Veterans Affairs networks. Your primary focus is completing time-based penetration tests to support the Authority to Operate (ATO) approval process for System Owners.

Responsibilities

• Perform penetration testing against various systems, which may include web applications, databases, web services, network devices, operating systems, cloud installations, and infrastructure (hardware) devices.
• Utilize a variety of industry standard security tools to conduct manual-based security assessments.
• Review new vulnerabilities as they are published and develop impact assessments.
• Determine risk from vulnerabilities based on availability of exploit and potential loss of information and IT services capabilities.
• Produce periodic trending and impact reports as required.
• Generate reports (automated and manual) based on results from assessments and explain in detail to customers.
• Develop new testing techniques and programs to support the Penetration testing team.
• Manage and maintain hardware and software with an ability to provide infrastructure maintenance support to attack systems.
• Knowledge and experience with processes and procedures relating to information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.
• May be required to work outside normal duty hours to perform assessments on certain systems.

Requirements

• Bachelor’s degree (8 years of additional relevant experience may be substituted for education)
• 1-4 years of experience in IT functions like network administration, engineering, or security
• 1 year of experience supporting offensive cybersecurity roles
• Experience with the following:
• Support Windows, Unix, and Linux operating systems
• VMWare
• Kali Linux Suite
• Nessus Scanner (Tenable)
• RedHat Enterprise Linux
• NMAP
• Ability to conduct scripting in bash and PowerShell

Nice-to-haves

• OSCP
• PNPT
• Pentest+
• CISSP
• CEH

Benefits

• Traditional and HSA-eligible medical insurance plans w/ Wellness Incentives for employees and family
• 100% employer-paid dental and vision insurance options
• 100% employer-sponsored STD, LTD, and life insurance
• Veterans Cohort
• Gym membership reimbursement
• 401(k) matching
• Dollar-for-dollar 501(c)(3) donation matching
• Flexible schedules and teleworking options
• Paid holidays and Flexible Paid Time Off
• Adoption Expense Reimbursement
• Paid Parental Leave
• Professional development and career growth opportunities and paid training days
• Employer-sponsored Employee Assistance Program for employee and family
• Team and company-wide events, recognition, and appreciation