Penetration Attack Tester

Title:
Penetration Attack Tester

KBR is seeking a full-time Penetration Tester to support a Federal Government client in Norfolk, VA. This position has been designated as a Cyber IT/Cybersecurity Workforce position in Specialty Area 121, ("121 - Exploitation Analyst - Exploitation Analysis - Collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks. (Analyze)") and as a condition of employment will be required to comply with the DON Cyber IT/CSWF program requirements of SECNAV M-5239.2. Penetration Testers shall provide expertise in penetration testing and red teaming and conduct cooperative vulnerability penetration assessments and adversarial assessments.

Responsibilities include, but are not limited to:

• Perform penetration testing of various software, web applications, and communications infrastructure to assist in hardening the client's cybersecurity posture against malicious actors
• Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments in order to assist in security efforts and apply this security research into assessments
• Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests
• Work with stakeholders to remediate system vulnerabilities
• Train team members, colleagues, and customers on the latest cybersecurity tactics, techniques, and procedures (TTPs) in order to grow the skills of the firm and clients
• Be available to contribute to presentations to customers and stakeholders on penetration test findings and other efforts aligning with the aforementioned responsibilities
• Bring a positive and solution-oriented outlook into difficult situations
• Ability to demonstrate managing the client relationship, presenting sensitive information to decision makers, and providing strong problem-solving and decision-making skills

Job Requirements:

Minimum Qualifications

• 6+ year's penetration testing, red team and/or exploitation development experience
• Ability to work independently and autonomously to conduct penetration testing/red teaming to accomplish assigned test objectives
• Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP)* *Note - Employee is required to obtain Offensive Security Certified Professional (OSCP) certificate within six moths of onboarding. KBR will pay for first certificate training and exam.
• Problem-solving and troubleshooting skills with experience exercising mature judgment
• Strong communication skills, both written and oral
• Excellent teamwork and interpersonal skills
• Able to direct multiple team members towards deliverable and milestone objectives with confidence
• Strong understanding of networking, computer typology, application security, and web administration services
• Understanding of advanced persistent threats (APT)
• Experience in penetration testing simulations (e.g., Hack the Box, Capture the Flag)
• Expertise in the phases of penetration testing
• Proficient in at least two Operating Systems, to include Windows, Linux, and Unix variants, embedded and Real-Time Operating Systems
• Proficient in multiple offensive tools/technologies, such as: a. Metasploit, b. Cobalt Strike c. Core Impact d. Burp Suite e. SDR f. Wireless g. Intercepting Proxie
• Applies knowledge of Information Assurance Vulnerability Alerts (IAVAs)
• Applies experience with compliance and vulnerability scanning tools (e.g., Nessus, McAfee ePO)
• Proficient in one of the following scripting languages: a. PowerShell b. Bash c. Python d. Ruby
• Experience developing Risk Assessment Report (RAR)
• Ability to conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the system
• Clearance requirement is TS/SCI

Preferred Qualifications

• Prior professional services or federal consulting experience
• Bachelor's degree

Preferred Technical and Professional Expertise

• Programming ability to create, read, and modify exploit code to achieve system penetration. C, C++, Java, C#, scripting knowledge is an asset.
• Ability to present the penetration testing results including recommendations to fix.

In compliance with the U.S. federal government's vaccine mandate, only candidates who are fully vaccinated for COVID-19 or have a reasonable accommodation or approved medical exception will be considered for this position.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.