Guidehouse Senior Penetration Tester in Salem, Oregon
Job Family :
IT Risk & Controls Consulting
Travel Required :
Up to 10%
Clearance Required :
Ability to Obtain Public Trust
What You Will Do :
As a Senior Penetration Tester on our Public Sector Financial Services team, you will support a full range of cyber security services on a long-term engagement with our Washington, DC, based client. The position is full time role with Guidehouse, and will support a US Government civilian agency.
Specific responsibilities include:
• Provide advisement on countermeasures to mitigate threats.
• Identify security deficiencies and determine the efficacy of security controls design and implementation.
• Provide vulnerability to exploit mapping.
• Probe for vulnerabilities in web applications
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications
• Track all findings to closure and retest findings to ensure proper closure.
• Conduct network and web-based application penetration tests.
• Conduct physical security assessments and wireless security assessments as required.
In addition to client-facing responsibilities, this role will support important activities that contribute to the growth of our business, strengthen internal Guidehouse operations, and create a positive work environment for all Guidehouse employees. Some of these activities include but are not limited to:
• Assist in business development activities, such as identifying potential client needs and ways Guidehouse can assist, develop proposals and white papers, participate in client and internal account meetings, and more
• Participate in Guidehouse’s programs for coaching and mentoring staff
• Assist in the development of learning and development materials, courses, and presentations to help Guidehouse employees expand and strengthen their skills
• Support Guidehouse programs and initiatives
What You Will Need :
• Strong analytical and verbal communication skills
• Demonstrated ability to interact effectively with senior management and leadership
• 10+ years’ successful Penetration Testing experience
• Experienced with cryptography, reverse engineering, web applications, databases, and wireless technologies
• Ability to craft enterprise-specific implementation guidance for system owners who are attempting to satisfy NIST SP 800-53 controls.
• Expertise with tools such as Burp Suite, Metasploit, Kali Linux, NMAP, Nikto, WPScan, SQLmap
• Planning, execution, and assessment of threats
• Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
• Senior level experience with a variety of penetration testing tools and tool suites
• Must be able to document security deficiencies write Security Assessment reports, Standard Operating Procedure documents, etc.
• Experience doing vulnerability, compliance, and web application scanning within numerous on-premises and cloud environments
• Experience with both Blue and Red Team penetration testing and assessments
• If not based in Washington, DC, up to 10% travel to Washington, DC, may be required
• Bachelor's degree in Computer Science, Information Technology, Cyber Security or related field, or equivalent combination of education and experience and training
• 10+ years of Penetration Testing experience
• Offensive Security certifications (OSCP, OSCE)
• GIAC certifications (GPEN, GWAPT, GXPN), or technology specific certifications (MCSE, LPIC, CCNA)
• Active Public Trust clearance or higher or eligible for Public Trust clearance
What Would Be Nice To Have :
• Knowledge of NIST guidance, FedRAMP control baseline, industry best practices, and the Internal Revenue Service (IRS) Publication 1075
• Experience conducting security and network audits to evaluate how well an organizations system conforms to a set of established criteria
• Experience conducting penetration testing in cloud environment
• Experience with testing the attack, breach, operability, and recovery issues within a cloud environment
• Knowledge of government guidance for assessing security controls in federal information systems, as outlined in NIST Special Publication 800-115 as well as OWASP application penetration testing.
The annual salary range for this position is $86,100.00-$172,300.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
What We Offer :
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Medical, Rx, Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Position may be eligible for a discretionary variable incentive bonus
Parental Leave and Adoption Assistance
401(k) Retirement Plan
Basic Life & Supplemental Life
Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
Short-Term & Long-Term Disability
Student Loan PayDown
Tuition Reimbursement, Personal Development & Learning Opportunities
Skills Development & Certifications
Employee Referral Program
Corporate Sponsored Events & Community Outreach
Emergency Back-Up Childcare Program
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.