Cybersecurity Vulnerability and Penetration Tester SME

Axxum Technologies

Job Description
Overview: Axxum has an opportunity for a Senior Cybersecurity Vulnerability and Penetration Specialist to join our team. The candidate will be a member of our team supporting our government clients. As a team member, the Senior Cybersecurity Vulnerability and Penetration Specialist will use operating systems, database application, and web security inspection tools to perform security testing of production systems. The chosen candidate will perform vulnerability and penetration testing with tools on production systems that are upgraded or coming online. Once the vulnerability tools are run, candidates will be required to analyze results, write reports based on their findings, and follow up with system owners about the results of the tests.

Specifically, the candidate will:
+ Perform security testing activities that include vulnerability discovery and risk analysis, which includes recommendations for risk mitigation.
+ Perform security testing of IT assets that are in a pre-production or pre-deployment capacity, such as operating systems, database application, web applications, infrastructure assets and technologies, mobile applications, custom developed software implementations, virtual technologies, and common application platforms.
+ Conduct kickoff meetings and exit briefings.
+ Prepare technical responses to security questions.
+ Actively participate in team activities, to include recurring team meetings and process improvement discussions.
+ Develop and present vulnerability and security testing demonstrations for business owners and team members.

Responsibilities: The candidate will perform security assessments of National Systems, gather and aggregate assessment data for trends analysis, develop and maintain documentation to support the assessment process, and actively work to ensure the assessment process matures in line with industry best practice and Judiciary requirements.
Each security assessment will include, at a minimum, the following activities: Documentation Review, Interviews of System Stakeholders, Security Testing of IT Assets, Physical Control Review, and Process Development/Operation.

Requirements:
+ Candidates must be able to interpret testing results/categories back to the NIST/RMF framework and provide a non-technical brief to system owners.
+ Understanding of IT security testing and appropriate tools.
+ Knowledge of potential vulnerabilities and threats to existing web applications, databases, and operating system technologies.
+ Knowledge of cybersecurity standards including the Open Web Application Security Project (OWASP) Application Security Verification Standard and security testing tools.
+ Experience with web development and web application implementation.
+ Experience executing and analyzing results from tools such as: Nessus, Nmap, Burp Suite, Metasploit, Acunetix, IBM AppScan, and AppDetective.
+ Capable of performing security testing of Judiciary IT assets, gathering and aggregating testing data for trend analysis, developing and maintaining documentation to support the testing process, and actively working to ensure the testing process matures in line with industry and Judiciary requirements and expectations.

Required Qualifications:
+ Bachelor's Degree and ten (10) years of cybersecurity experience, or High School Diploma and 15 years of similar related experience as a system/network administrator, security engineer, or security vulnerability tester.
+ At least seven (7) years conducting IT security testing in a government, academic or business environment.
+ One of the following certifications: GIAC Certified Incident Handler (GCIH) Certification, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), Offensive Security Web Expert (OSWE), or Certified Ethical Hacker (CEH)

Preferred Qualifications:
+ Excellent verbal and written communication skills
+ Excellent organizational and analytical skills
+ Ability to collaborate in a team environment
+ Attention to detail

Work Location/Full Address: Remote

Clearance Requirement: Public Trust

Benefits and Perks

Axxum Technologies benefits for eligible employees include:
+ Paid Holiday Leave
+ Paid Time Off
+ Medical, Dental & Vision Insurance
+ Short & Long-Term Disability Insurance
+ Employer-Paid Term Life Insurance
+ Eligibility to Participate in Flexible Spending Accounts Plan
+ Eligibility for Educational Assistance Program
+ Employee Referral Bonus Program
+ Transit Benefit Program in DC Metro Area
+ 401K Plan