Senior Penetration Tester

ASRC Federal

Posted today
Secret
Unspecified
Unspecified
IT - QA and Test
Quantico, VA (On-Site/Office)

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™.

ASRC Federal is actively hiring an Assured Compliance Assessment Solution (ACAS) Engineer in support of our Defense Counterintelligence Security Agency (DCSA) program based out of Quantico, VA.

Remote flexibility available! Telework offered with a requirement to be onsite up to two (2) days a week at Quantico Marine Corps Base, VA.

Position Description:

The Cybersecurity Penetration Tester is a hands-on technical role responsible for conducting simulated attacks on systems and networks to identify vulnerabilities and weaknesses that could be exploited by malicious actors. This role requires a deep understanding of security principles, hacking techniques, and attack methodologies. The Penetration Tester will plan, execute, and document penetration tests, provide recommendations for remediation, and contribute to the overall improvement of the organization's security posture.

Minimum Requirements:
  • Minimum of 5 - 7 years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures.
  • Proven experience conducting penetration tests of web applications, networks, and other systems.
  • Experience with a variety of penetration testing tools and techniques (e.g., Rapid7 Nexpose, Appspider Pro, Metasploit, Cobalt Strike and/or Burp Suite).
  • Active Top-Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI.
  • Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Must meet 8570 certification requirements at the time of hire: IAT II Information Assurance Baseline (e.g., CASP+ CE, CCMP Security, CISA, CISSP, GCED, GCIH, Security+ CE or CCSP). In addition to the IA baseline, a CSSP Auditor cert is preferred (e.g., CEH, CySA+, CISA, GSNA, CFR or PenTest).


Responsibilities:
  • Penetration Testing:
    • Conduct penetration tests of web applications, mobile applications, networks, cloud environments, and other systems.
    • Utilize a variety of tools and techniques to identify vulnerabilities, including SQL injection, cross-site scripting (XSS), buffer overflows, and other common attack vectors.
    • Perform reconnaissance to gather information about target systems and networks.
    • Develop and execute exploit code to demonstrate the impact of identified vulnerabilities.
    • Bypass security controls and evade detection.
  • Vulnerability Assessment:
    • Perform vulnerability assessments using automated scanning tools and manual techniques.
    • Analyze scan results to identify false positives and prioritize vulnerabilities.
    • Develop custom scripts and tools to automate vulnerability assessment tasks.
  • Reporting and Documentation:
    • Document all findings in detailed and comprehensive reports, including descriptions of vulnerabilities, methods used to exploit them, and recommendations for remediation.
    • Present findings to stakeholders, including technical teams and management.
    • Create and maintain documentation on penetration testing methodologies, tools, and techniques.
  • Remediation Support:
    • Provide guidance and technical assistance to system owners and developers on vulnerability remediation.
    • Validate remediation efforts to ensure that vulnerabilities have been properly addressed.
    • Conduct retests to verify the effectiveness of implemented security controls.
  • Research and Development:
    • Stay up-to-date on the latest security threats, vulnerabilities, and attack techniques.
    • Research and evaluate new penetration testing tools and methodologies.
    • Develop custom tools and scripts to enhance penetration testing capabilities.
    • Contribute to the development of security policies and procedures.
  • Collaboration:
    • Collaborate with other cybersecurity professionals, including security architects, incident responders, and security engineers.
    • Share knowledge and expertise with team members.
    • Participate in security training and awareness programs.
  • Ethical Hacking:
    • Conduct all penetration testing activities in a legal and ethical manner, adhering to established rules of engagement.
    • Protect the confidentiality and integrity of sensitive data.
    • Respect the privacy of users and systems.

Work Environment and Physical Demands:
  • This is primarily a Telework position with a requirement to be onsite up to two (2) days a week.
  • If the alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and a stable, capable internet connection.
  • Must be able to communicate complex technical ideas to a diverse customer base both verbally and in written form.


We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
group id: RTL208333

About Us
ASRC Federal’s family of companies helps federal civilian, defense and intelligence agencies achieve mission success. Our teams offer highly technical expertise in digital operations and IT modernization, software development, facilities management, engineering solutions, professional services, and infrastructure operations across the national security, defense and intel, health, civilian, and space markets. Inspired by the Iñupiat culture, we embrace stewardship and using every resource effectively; teamwork when striving to achieve goals and building a collaborative environment; integrity in adhering to high moral principles and professional standards; high performance in striving to deliver superior business results and exceptional customer value; and citizenship by taking care of our employees, shareholders and the communities where we work and live. Explore purpose-driven career opportunities with ASRC Federal: http://www.asrcfederal.com/careers

Job Category
IT - QA and Test
Clearance Level
Secret
Employer
ASRC Federal