Penetration Test & Vulnerability Test Engineers
Company: Careerbuilder-US
Location: Washington
Posted on: May 28, 2023
Job Description:
Skills -: IT Security; Cyber Security; Information Assurance;
Scanning
Job Description -:
- Conduct a PEN test to identify vulnerabilities existing in
network devices, information systems, services or web applications
that could be exploited by external parties.
- Conduct internal and external network penetration
tests
- Conduct internal and external graphical user interface web
application penetration tests
- Conduct internal and external web services application
penetration tests.
- Conduct wireless network penetration tests.
- Assist with support of existing firewalls, IDS/IPS, and access
control devices
- Conduct firewall and IPS policy reviews
- Monitor traffic and access logs in order to construct
additional policies and verify compliance
- Write technical documents and RFPs as necessary describing base
security requirements and architecture
- Work with corporate IT team to ensure that proper security
controls are identified, implemented, and tested which could affect
product, customers or ability to achieve certifications
- Responsible for submitting tickets for remediation of
vulnerabilities and potential issues found during penetration
tests.
- Work with Security Architects and Security Engineers to gather
information and conduct penetration tests.
- Writing and reviewing formal penetration test reports
documenting the detail of penetration test and all vulnerabilities,
potential issues, and strengths found during the test
- Review and process static source code vulnerability analysis
reports for Early Warning developed application as
directed
- Evaluate commercial and open source tools to be used for the
purposes of penetration testing
- Strong understanding of TCP/IP
- Complies with all security policies and procedures, to ensure
that the highest level of system and data confidentiality,
integrity and availability is maintained.
- Perform periodic SSAE16/SOC2/SOX compliance activities
- Perform web application vulnerability scans, provide
recommendations, and present findings
- Participate in an Incident Response Team as necessary
- Assist with data destruction and secure disposal of
hardware
- Conduct a software design and functional analysis of .NET
framework custom developed Internet applications, specifically, the
Board Portal and Secure Member and Employer Authentication. Analyze
and evaluate these applications to ascertain each application's
capacity to maintain data confidentiality, integrity, and
availability, by testing its ability to withstand external attack
or compromise.
- Evaluate the security of a public network's infrastructure
devices/systems via PEN testing, including Microsoft Servers,
Microsoft terminal services/remote desktop; Microsoft SQL Servers;
Microsoft Internet Information Server (IIS); Cisco routers and
switches; UNIX-OS; UNIX-based firewalls; Linux; Oracle
Server
- Conduct external penetration testing with the goal of revealing
vulnerabilities that could be exploited by an external threat or
attack. Classify the identified risks into Low, Medium or High
categories. Testing should include at a minimum (Note: No
production system downtime attributed to the PEN test is
acceptable.):
- Test public (Internet) facing servers and border security
devices for vulnerabilities or misconfigurations that could lead to
denial of service or defacement, or allow penetration to internal
systems or information,
- Discover the presence of open ports/unneeded services
exposure,
- Evaluate devices and systems for configuration errors or
improper security settings,
- Review public network security architecture for potential
weaknesses or vulnerabilities
- Assess resiliency to malware/malicious code intrusion.
- Pinpoint the weaknesses in the application/program that could
be exploited by an external threat and explain in detail the
potential damage an external attack could cause. The
application-level security assessments shall address, at a minimum,
the following functional areas:
- Presence of programming, design, or implementation flaws/code
bugs that could open a vector to attack downstream application
software
- User authentication security
- Access control mechanisms
- Data communications integrity and confidentiality
protections
- Session management protections against attacks such as
man-in-the-middle, session hijacking or session replay
- Cryptographic module integrity (proper key
management/selection, weak or crackable algorithms),
- Adequate input validation protections against attack, such as
Cross-site scripting (XSS), SQL injection, or buffer overflows,
and
- Presence of adequate auditing/logging of system events to
preserve non-repudiation integrity and assess the capabilities
present to detect/alert on targeted attacks or malicious
activities.
- Isolate and identify security vulnerabilities discovered in
network perimeter security devices. This process shall include
documenting operating system vulnerabilities and system
misconfigurations, Web server and back-end database server
vulnerability to targeted attacks (e.g., XSS, SQL injection,
defacement, etc.), susceptibility of internal system resources and
data to compromise, security control inadequacies, and other
identified security risks.
- Provide status updates of project plan activities on a weekly
basis to the PM. Coordinate meeting(s) between technical team and
Agency personnel to review findings and recommend appropriate
corrective actions or countermeasures the Agency should take to
mitigate risks identified in both the PEN test and applications
testing. Prioritize risks (High, Medium or Low).
Keywords: Careerbuilder-US, Washington DC , Penetration Test & Vulnerability Test Engineers, Engineering , Washington, DC
Didn't find what you're looking for? Search again!
Loading more jobs...
