Job Description: Raytheon Blackbird Technologies is seeking an experienced Penetration Tester to conduct full-scope vulnerability assessment and penetration testing for one of our clients. The Penetration Tester must be able to plan, communicate, coordinate and conduct penetration tests and security assessments for applications, systems and enterprise networks.

Responsibilities will include:
- Plan, communicate, coordinate and perform penetration tests and security assessments at application, system and enterprise level.
- Develop all Rules of Engagement, scoping documents and reports
- Perform manual penetration tests and validation of vulnerability scan results.
- Develops automation/scripts for replicating vulnerability validation and penetration tests.
- Develop SOPs and architect all penetration testing and security assessment methodologies.
- Devises plans and scenarios for various types of penetration tests.
- Documents exploits and results in remediation and final report.
- Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
- Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk.
- Selects, installs, and configures security testing platforms and tools or develop tools and procedures for vulnerability assessments and penetration tests.
- Contributes to application of FISMA compliance mechanisms, including NIST SP 800 series, with the addition of sound methodologies in lieu of weakly-defined and subjective scores.
- Performs vulnerability assessments using automated tools (Metasploit, Nmap, Nessus, Burp Suite, etc.)
- Support flexible work locations per work schedule (at RTN, and multiple customer sites).
- Performs off-hours work as necessary.
- The position requires U.S. Person status or a Non-U.S. Person be eligible to obtain Authorization. Required to obtain a higher security clearance.
- Experience in penetration testing large and complex enterprise networks
- Experience with utilizing penetration testing methodologies
- Experience with web and mobile applications, databases, operating systems
- Experience with regulatory compliance, policy development, and policy enforcement
- Experience with FISMA compliance and the NIST SP 800 series
- Experience with DISA STIGs or similar secure configuration guidelines.
- Experience in the roles identified above
- 4+ years related experience for G08
- 6+ years related experience for G09
- 8+ years related experience for G10
- 3+ years of penetration test experience
- Excellent communication and interpersonal skills
- Hands-on OS configuration/administration experience
- Programming experience with focus on penetration testing or process automation
- Experience with cyber security development projects and programs for U.S. Government and/or commercial clients
- Experience with FEDRAMP
- Experience with process development and deployment
- Experience with the following technologies:
  - Kali Linux
  - Burp Suite
  - Tenable SecurityCenter
  - HP Fortify
  - IBM AppScan
Required Education: Bachelor’s Degree in related field. Equivalent experience in military, civil, or corporate continuity planning will be considered.

Desired Certifications: DODI 8570.1-M Compliance at IAT Level II; CISSP, CPT, CEH preferred.
- Experience with three or more of the following:
  - Security COTS integration
  - Security Incident Event Management
  - Operating System Hardening
  - Vulnerability Assessment testing
  - Identification and Authentication schemes
  - Public Key Infrastructure and Identity Management
  - Cross Domain Solutions
  - Reverse Engineering
  - Security engineering
- Excellent writing skills
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
Cyber, Security, All, Warfighter Support Services
Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics and automation allows us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges -- from the cyber domain to automated operations, and from intelligent transportation solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries, and is headquartered in Dulles, Virginia. The business area generated approximately $6 billion in 2016 revenues. As a global business, our leaders must have the ability to understand, embrace and operate in a multicultural world -- in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business.