• Penetration Tester, Mid Level

    Location US-MD-Ft. Meade
    Posted Date 2 weeks ago (6/6/2018 12:48 PM)
    Job ID N-1669
    # Positions 1
    Experience (Years) 6
    Category Cyber Security
  • Overview

    WOOD is currently hiring a Penetration Tester/Threat Analyst to join our team in the Ft. Meade, MD area. The penetration tester will perform cyber force functions using state-of-the-art penetration and threat tools. Linux and scripting experience is required.

     

    Responsibilities

    • Demonstrated knowledge of network threats, attacks, and other methods of exploitation, and the ability to develop Tactics, Techniques, Procedures (TTPs) to mitigate, deter, and respond.
    • Working knowledge of KALI Linux and the KALI tool suite preferred 
    • Designing, demonstrating, developing, implementing, and updating exploitation or protection methods and recommending mitigation strategies and techniques
    • Evaluating multiple operating systems, network configurations, network architectures and topologies for potential technical and/or operational vulnerabilities. Efforts also include: Analyzing network transports and application layer packets and identifying packet details
    • Identifying anomalies at the packet level and developing signatures to support various collection platforms
    • Demonstrating proficiency with common network protocols and analysis tools, specifically Wireshark (Ethereal)
    • Determining the threat to U.S. networks of interest posed by adversarial systems, activities or operations.
    • Performing each phase of cyber activity tracking; conducting network reconnaissance to detect the presence of unexpected behavior, identifying anomalous activity, categorizing and tagging intrusive activity. Efforts also include:
    • Performing network intrusion incident response and network attack characterization and reconstruction
    • Identifying signatures, attack scenarios, attacker profiles, and other relevant information to enhance Customer's knowledge of the adversary and the techniques employed
    • Performing in-depth technical analysis with the goal of determining what the intruder did or attempted to do, where they came from, how they got in, their motivation, and anything else that can be learned from analyzing the intrusion data to include: Developing techniques for the identification and analysis of malicious activity
    • Understanding the development of SNORT signatures or similar intrusion detection syntax
    • Determining the extent of malware's capabilities, how to detect it and to assess its impact on affected systems
    • Conducting real world, near real time, monitoring, analysis and reporting
    • Utilizing tools (in-house, freeware, commercial) and analytical techniques to determine the levels of severity and potential mission impact of anomalous behavior
    • Writing scripts/tools to develop an analysis capability to include: Applying basic analytic methods such as computer programming (JAVA, Perl, C, etc.) and debugging programs
    • Developing technical techniques and processes
    • Performing in-depth technical analysis of collected network traffic
    • Reviewing log files, Access Control List (ACL), network Intrusion Detection System (IDS) records and host IDS records for evidence of pre-intrusion activity

    Qualifications

    *All Candidates must have a TS/SCI clearance with a Polygraph

    • Shall have a minimum of six (6) continuous years of work experience in network and vulnerability support analysis, or a combination of a minimum of three (3) continuous years of work experience in network and vulnerability analysis and a Bachelor’s degree in an applicable (math, science, computers, engineering) field
    • Work experience shall include three (3) years of IC experience in network and vulnerability analysis
    • Must have experience with Kali Linux and light programming
      • Shall have demonstrated analytic ability to perform technical analysis for exploitation of an identified activity that is of an unknown or suspicious origin, competence with relevant Computer Network Operations (CNO) and SIGINT tools and databases used for the customer mission, and communications skills that include the ability to provide formal documentation of analysis and/or research results
      • Currency in penetration tools and techniques is required
    • Hands on experience supporting security assessments, RED/BLUE Teams, and/or Penetration Testing in Windows and UNIX/LINUX environments. 
    • Experience in three or more of the following areas: network reconnaissance to identify devices and protocols, information gathering from network devices and hosts, vulnerability analysis based on information discovered in network reconnaissance and information gathering, auditing and exploiting web vulnerabilities, analyzing and manipulating network packets, Password Attacks, Sniffing and Spoofing, exploiting vulnerabilities identified in the assessment phase. 
    • Experience writing reports based on results of security testing and analysis
    • Hands on experience working in a virtual environment to include installing and configuring networks preferred
    • Experience as opposing forces in an exercise or training event preferred
    • Hands on Experience in Windows and UNIX/LINUX environments using a variety of tools such as Metasploit, DNSwalk, Wireshark, Nmap, Armitage, Aircrack, Burp Suite, Routersploit, Firewalk, Cuckoo, Dumpzilla, Bluesnarfer and exploitdb 
    • Experience in IA/CND (Protect/Detect/Respond/Sustain) with Cyber Security
    • Experience performing high-volume analysis of logs, network and system data, to include NetFlow, PCAP, XFLOW, HBSS, ACAS, along with other SIEM-specific artifacts

    Required Tools/Certifications: Wireshark/Ethereal, Nessus, Snort, tcpdump, tcp wrapper, IDS (various), ISS scanner, eEye digital vulnerability scanner, <forensics work at host, network, or software levels>, <penetration testing work>, <malware, spyware, botnet work>, GCFIH, CNDA, DoD Forensic examiner, DoD Media Collector, Security+, Nmap, SSCP, Cisco CCNA (and other Cisco-related network certs), Network+, Net Impact

    WOOD is an Equal Employment Opportunity Employer; all qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or veteran status.
