Federal - Penetration Tester ++
Defense Point Security is currently seeking a Penetration Tester in Washington, D.C.
Penetration Tester Job Responsibilities:
- Follow industry best practices and methodologies, including the Open Web Application Security Project (OWASP) Testing Guide, to perform penetration testing services to uncover vulnerabilities across various web applications
- Test web services using automated web application scanning methodologies and tools (e.g. IBM AppScan, HP WebInspect, Acunetix WVS, etc...)
- Test web services using a manual in-depth testing methodologies and tools (e.g. Burp Suite Pro, ZAP Proxy, IronWASP, etc...)
- Summarize and document results of testing for management reporting including proper disposition of test
- Research new threats, attack vectors, and risk
- Report on security vulnerabilities via formal reports and weekly status updates
- Verify the security findings from other members of the penetration testing team
+ Basic qualifications
- This position requires U.S. Citizenship due to our Federal contractual obligation
- Bachelor's Degree or higher preferred, in Computer Science, Information Systems, Software Engineering or other related analytical, scientific, or technical disciplines (or SAN/ Sec Cert)
- 5 + years work experience specializing in penetration testing, preferably in support of the Federal government ( Total 6 + in IT)
- Must have one of the following certifications: GPEN, GCIH, or CEH
- Experience with web application penetration testing tools preferred, such as Burp Suite Pro, IBM AppScan, HP WebInspect, etc
- Ability to work independently and also collaborating closely with application developers, engineers and others
- Knowledge of the latest security threats, techniques and exploits targeting vulnerabilities
- Network and web application penetration testing
- Vulnerability assessments followed by providing best security practice recommendations and countermeasures
- Strong familiarity with multiple operating systems, databases, applications and platforms
- Understanding of SQL, XSS, CSRF, XXE, and other trends in web exploitation
- Working understanding of HTML and common web applications
- Thorough understanding of computer networking and the OSI model
- Cyber-threat research, reporting and development/implementation of vulnerability mitigation strategies
- Experience with network, web, and information security
- Programming experience is a plus
- Calculate and assess risk based on threats, vulnerabilities, and mitigating factors
- Expert knowledge in computer and network security
- Expert level knowledge in penetration testing methodology
- Knowledge of exploit development
- Knowledge of common IT technologies (OS, databases, network devices, applications)Familiarity in one or more of the following areas: application security, Linux/Windows system security, mobile device security, cloud technologies (IaaS, SaaS environments, etc.), and web technologies
- Demonstrated knowledge and experience evaluating IT process areas, such as logical and physical access, program development, change management, IT operations etc
- Strong project management skills and ability to multi-task
An active security clearance or the ability to obtain one may be required for this role.
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Applicants for employment in the U.S. must possess work authorization which does not require now or in the future sponsorship by the employer for a visa.
Accenture is a federal contractor, an EEO and Affirmative Action Employer of Females/Minorities/Veterans/Individuals with Disabilities.
Equal Employment Opportunity
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
Accenture is committed to providing veteran employment opportunities to our service men and women.
Meet Some of Accenture's Employees
As a change management consultant, Nahomie focuses on helping clients successfully transition as their organizations adopt new systems and new processes.
Back to top