Came across this awesome position on EthicalHacker.net’s forums. Although the req reads like they are looking for a mid-career candidate, in the forum post they mentioned that they have multiple pen testing positions at various levels. The POC is listed at the end of the req below. If you decide to apply, please mention that you heard about this position through NovaInfosecPortal.com.
And don’t forget … if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway … on to the job post.
Senior Penetration Tester
Knowledge Consulting Group
Candidate will be responsible for performing various security assessments, educating the client on the inherent risks, and providing meaningful hardening and mitigation strategies. Job responsibilities include network and web-based application penetration tests, physical security assessments, logical security audits, and hands-on technical security evaluations and implementations. Additionally, this person will be expected to develop subject matter expertise or focused capabilities in the topics of database security, wireless security, or application and development security.
Responsibilities specifically include:
- Conduct network and web-based application penetration tests
- Conduct physical security assessments
- Conduct logical security audits and hands-on technical security evaluations and implementations
- Develop subject matter expertise or focused capabilities in the topics of database security, wireless security, or application and development security
- Conduct wireless security assessments
- Conduct social engineering assessments
Demonstrated technical experience with:
- Web Application Penetration Testing.
- Linux, MS Windows.
- Vulnerability Detection and Remediation.
- Network Switching and Routing (Cisco).
Must also have:
- 6+ years of experience in information security with specific application penetration testing experience.
- Working knowledge of TCP/IP ports and protocols.
- In-depth familiarity with Windows and Unix operating systems.
- Familiarity with web proxy tools such as Paros and/or Burp.
- Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
- Familiarity with penetration testing tools such as BackTrack, Nessus, nmap, Metasploit, vulnerability scanning tools, tcpdump, Wireshark, Nikto, etc.
- Familiarity with scripting in UNIX shell, Perl, or Python.
Technical writing experience (required):
- Application assessment reports
- Standard operating procedures documents
- Formal policy and procedure documents
- Excellent written and oral communication skills.
- Self-motivated and able to work in an independent manner.
Other Qualifications (desired):
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
- Familiarity with web application testing tools such as WebInspect a
- CISSP, GIAC, GWAPT, GPEN, CEH, LPT, or CCNA certification a plus.
- Advanced degree in an IT related field a plus.
- Working knowledge of firewalls and other network security products.
- Knowledge of applied cryptographic protocols.
- Familiarity with XML, SOAP, and Ajax.
- Experience using Rapid7 Nexpose and Metasploit Pro
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
About Knowledge Consulting Group
Founded in the year 2000, Knowledge Consulting Group (KCG) is a privately held company with corporate headquarters in Reston, Virginia. Our employees and customers recognize us as a firm with:
- A successful history of achievement supporting federal government customers
- Leadership with vision and integrity
- A commitment to supporting diversity in our workforce
- An entrepreneurial spirit
- A company that rewards outstanding teamwork in support of its clients
Our technologists and consultants are the foundation of our company. KCG’s corporate philosophy is to grow them professionally and financially. KCG is dedicated to providing education, training, and resources to our team members, furthering their technical and professional careers.
KCG unequivocally recognizes that our employees are the company’s most valued assets. We are committed to providing the leadership and direction for enthusiastic professionals to learn, thrive, and excel. KCG is committed to professional development via new and ongoing training to make it possible for our employees to meet and exceed their professional and personal goals, as well as our customers’ expectations.
People-wise, we are energetic, entrepreneurial, and passionate about our work and the success of our customers. At KCG, everyone has a stake in their future and the company’s success. Fresh ideas are encouraged.
If you’d like to explore technology from a new perspective, work with extraordinary people, and do something revolutionary by helping our customers to succeed, consider joining our team.
Follow-Up Contact Information
If you’re interested, please send your resume to Stephanie Costello at [email protected] … and remember … tell her NovaInfosecPortal.com sent you!