Penetration Tester - Sme

TMC Technologies is in search of a Penetration Tester subject matter expert to support a federal client in Rosslyn, VA. The candidate must be a US citizen and possess the ability to obtain an interim Secret clearance to start due to federal contract requirements. The Penetration Tester - SME, in support of the Penetration Testing (Red Cell) Team, will:

• Design, perform and report on penetration testing of systems including cloud to satisfy the NIST 800-53 CA-8 security control and using methodologies that may include, NIST SP 800-115, Penetration Testing Execution Standard (PTES), and Information Systems Security Assessment Framework (ISSAF).
• Mentor Mid and Jr staff members by providing guidance on best security practices and communication techniques.
• Assesses the current state of the customer’s system security by identifying all vulnerabilities and security measures. Helps customer perform analysis and mitigation of security vulnerabilities.
• Understand how to create unique exploit code, bypass AV and mimic adversarial threats.
• Provide support to incident response teams through capability enhancement and reporting.
• Develop or modify tools that automate discovery or exploitation (e.g. bash, Python, JavaScript, PowerShell)
• Assist in Red Cell maintaining infrastructure
• Stay abreast of current attack vectors and unique methods for exploitation of computer networks.
• Produce reports and conduct management briefings on test activities, scenarios, results and recommendations.

• Able to perform analysis of complex software systems to determine both functionality and intent of software systems.
• Proficient at conducting network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques.
• Proficient in evaluating system security configurations.
• Bachelor’s Degree and a minimum of 9 years’ experience required. An additional 4 years of experience may be substituted in lieu of degree.
• Organize and lead efforts that document and design improvement strategies for discovered vulnerabilities and monitoring gaps.
• Proficient at conducting network or software vulnerability assessments and penetration testing utilizing using automated and manual TTPs.
• Must have one of the following certs: CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR,CISA, CISSP, Cloud+,CySA+, GCED, GCIA, GCIH, GICSP, or SCYBER.
• Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, etc.
• Understand common web application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
• Familiar with Linux and Windows Administration
• Proven capability in identifying intrusion or incident path and method; isolates, blocks or removes threat access.
• Able to resolve highly complex malware and intrusion issues.
• US Citizenship is required and the ability to obtain interim Secret clearance before start date.