Key Responsibilities:
- Plan, scope, and execute penetration tests against various technologies including web applications, mobile platforms, and federal cloud infrastructures.
- Conduct comprehensive network/application vulnerability assessments using both automated and manual techniques.
- Execute penetration testing engagements following DHS CISA AES Penetration Testing Standards and Methodologies.
- Conduct independent AES assessments and provide detailed, executive-level out briefs to Federal leadership.
- Collaborate with stakeholders to identify key risks and design actionable programs and countermeasures to address security gaps.
- Provide thorough documentation, including technical findings, risk ratings, remediation strategies, and test results.
- Lead assessments on an individual basis to raise the security posture across Federal enterprises and support High Value Asset (HVA) protection.
- Communicate technical risks and vulnerabilities in an understandable and actionable manner for both technical and non-technical audiences.
Plan, scope, and execute penetration tests against various technologies including web applications, mobile platforms, and federal cloud infrastructures.
Conduct comprehensive network/application vulnerability assessments using both automated and manual techniques.
Execute penetration testing engagements following DHS CISA AES Penetration Testing Standards and Methodologies.
Conduct independent AES assessments and provide detailed, executive-level out briefs to Federal leadership.
Collaborate with stakeholders to identify key risks and design actionable programs and countermeasures to address security gaps.
Provide thorough documentation, including technical findings, risk ratings, remediation strategies, and test results.
Lead assessments on an individual basis to raise the security posture across Federal enterprises and support High Value Asset (HVA) protection.
Minimum Qualifications:
- Education:Bachelorās degree in Cybersecurity, Computer Science, Information Technology, or related field.
- Experience:Minimum10 yearsof professional IT or cybersecurity experience.At least6 yearsof experience conducting penetration testing and web application security testing.5 yearsof experience performing network/application vulnerability assessments and delivering actionable remediation plans.5 yearsof direct experience working with federal clients to improve security postures.1 yearof experience conductingCISA Assessment Evaluation and Standardization (AES)independently.1 yearof experience withDHS CISA AES Pen Testing Standards and Methodologies.
- Minimum10 yearsof professional IT or cybersecurity experience.
- At least6 yearsof experience conducting penetration testing and web application security testing.
- 5 yearsof experience performing network/application vulnerability assessments and delivering actionable remediation plans.
- 5 yearsof direct experience working with federal clients to improve security postures.
- 1 yearof experience conductingCISA Assessment Evaluation and Standardization (AES)independently.
- 1 yearof experience withDHS CISA AES Pen Testing Standards and Methodologies.
Education:
Experience:
10 years
6 years
5 years
5 years
1 year CISA Assessment Evaluation and Standardization (AES)
Certifications (Preferred):
- Required:DHS CISAAES Operator Role CertificationCertification through DHS CISA Assessment Evaluation and Standardization (AES)
- DHS CISAAES Operator Role Certification
- Certification through DHS CISA Assessment Evaluation and Standardization (AES)
- Preferred (One or more):Certified Ethical Hacker (CEH)CompTIA PenTest+CompTIA Security+CompTIA Network+OSCP or equivalent cybersecurity credentials
- Certified Ethical Hacker (CEH)
- CompTIA PenTest+
- CompTIA Security+
- CompTIA Network+
- OSCP or equivalent cybersecurity credentials
Required:
AES Operator Role Certification
Certification through DHS CISA Assessment Evaluation and Standardization (AES)
Preferred (One or more):
Certified Ethical Hacker (CEH)
CompTIA PenTest+
CompTIA Security+
CompTIA Network+
OSCP or equivalent cybersecurity credentials