Job Description

Overview Steampunk is seeking a Subject Matter Expert (SME) Penetration Test Engineer to support our Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) clients. CISA leads the national effort to understand, manage, and reduce risk to critical infrastructure, protecting the American way of life. Contributions As a SME - Penetration Test Engineer, you will join our Cybersecurity practice supporting our federal customers. You will have an active TS clearance and 10+ years of proven experience as a Senior Security Engineer with experience assessing security implementation of cloud and hybrid environments, including Continuous Integration/Continuous Delivery (CI/CD) pipelines, applications, and services. You will have supervisory/leadership experience overseeing and guiding large teams responsible for planning, analyzing, implementing, and maintaining various penetration testing projects. Leading penetration testing, developing advanced security scenarios and testing systems against those scenarios. Developing advanced security architectures for the implementation of custom countermeasures. Providing security considerations to advise system engineering teams to reduce errors, flaws, and weaknesses that may constitute security vulnerabilities. Performing advanced code analysis and protocol analysis for nation-state and state-sponsored cyber threat actor capabilities. Using agile best practices for scanning and end-to-end vulnerability remediation, assisting in all information security planning, compliance, and risk management. Managing teams, ensuring they have appropriate skill sets, and tying the teams and results together. Identifying vulnerabilities and recommending countermeasures. Analyzing the network to determine if appropriate security is applied using knowledge of the NIST RMF. Developing and implementing test plans and ensuring execution. Evaluating the costs and benefits of security functions and considerations from analysis of alternatives, engineering trade-offs, and risk treatment decisions. Utilizing a risk-based approach to evaluate findings and writing detailed summaries of vulnerabilities and suggested remediations. Providing technical assessments of all layers of the enterprise stack as required by the specific application/system being tested. Working directly with system admin teams and ISSOs to discuss findings and verify that their remediation efforts are adequate through follow-up penetration testing. Conducting penetration testing using approved tools and best practices. Creating detailed reports including findings and suggested remediations. Conducting risk-based assessments based on penetration testing findings and briefing the same to senior leadership. Reviewing and suggesting changes to ROE to ensure outcomes provide desired results. Working with system teams and ISSOs on understanding findings and remediation guidance. Managing and supporting development of pen testing SOPs. Designing scenarios for testing based on TTPs used by threat actors. Qualifications Active TS clearance 10+ years of proven experience as a Security Engineer Supervisory/leadership abilities to oversee large teams responsible for planning, analyzing, implementing, and maintaining various projects. BS in an IT field & 5 years of IT work OR BS in a non-IT field and 7 years of IT work Experience with packet analysis and with hardening and remediation. Experience over a variety of technologies and ability to assess security implementation of cloud and hybrid environments. Ability to ensure industry best practice implementation utilizing agile practices for scanning and end-to-end vulnerability remediation. Ability to assist in all information security planning, compliance, and risk management. Able to identify vulnerabilities and recommend countermeasures. Preferred Skills Experience with multiple penetration testing tools (Metasploit, nmap, burp suite, Kali Linux, etc.) Experience briefing to senior leadership Excellent written and verbal communication skills Ability to perform work after-hours as testing requires Experience performing security research to remain current on emerging technology trends Familiarity with MITRE ATT&CK framework Ability to work with ISSOs to map findings to associated security controls Working knowledge of various enterprise technology stacks used to build applications in the cloud Working knowledge and experience in AWS and Azure GovClouds About Steampunk Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health, and DoD sectors. Through our Human-Centered delivery methodology , we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee-owned company , we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit Steampunk . We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program. #J-18808-Ljbffr GameStop

Job Tags

Similar Jobs