Cyber Security - Penetration Tester

The BAE Systems, Inc. Cyber Security Engineering team is seeking a Penetration Tester to perform external network-level testing against company assets, including black-box testing with no prior knowledge of systems as well as white-box testing with complete knowledge of systems. The position is located in our Reston, VA office.

Internal network-level testing will be performed on internal networks and systems. Application-level testing will involve analysis of applications to identify vulnerabilities created through maintenance, configuration or architectural issues, from both unauthenticated and authenticated perspectives. Extrusion testing will be done to determine how easily sensitive information can be pushed from the inside out, testing DLP systems, proxies and security monitoring.

Candidates must be familiar with vulnerability management tools such as, but not limited to, Qualys, McAfee Vulnerability Manager, WebInspect and Nessus and, more importantly, must be able to understand and articulate scan results.

Assigned tasks may include:

  • Performing network-based security assessments
  • Performing security assessments on Internet-facing applications
  • Performing security assessments on software applications
  • Performing penetration tests across public networks
  • Performing penetration tests across internal networks
  • Performing assessments of physical security using social engineering
  • Developing testing scripts and procedures
  • Other security-related projects that may be assigned according to skills

Minimum Education and Experience

Bachelor’s Degree and 12 years work experience or equivalent experience

Required Skills and Education

  • Able to obtain a Secret clearance
  • OSCP or GPEN
  • Strong ethics and understanding of ethics in business and information security
  • English language written communication skills

Preferred Skills and Education

  • Ability to read source code (Java, PHP and JavaScript primarily)
  • Web application penetration testing (should be very familiar with the OWASP Top 10)
  • Experience with HP Fortify, Nmap, Nessus, WebInspect, w3af, AppDetective, Burp Suite and similar tools
  • Able to assist in determining short-term mitigation (WAF rules, signatures, etc.) and long-term remediation based on the issue and tools available
  • Able to clearly communicate findings from automated tools and manual testing
  • Understanding the basic principles of agile development would be helpful, mainly for managing expectations

About BAE Systems, Inc.

BAE Systems is a premier global defense and security company with approximately 90,000 employees delivering a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support and services. People are the greatest asset in any company. BAE Systems is committed to hiring and retaining a diverse workforce.

Equal Opportunity Employer/Females/Minorities/Veterans/Disabled/Sexual Orientation/Gender Identity/Gender Expression
