WashingtonRecruiter Since 2001
the smart solution for Washington DC jobs

Penetration Test & Vulnerability Test Engineers

Company: Careerbuilder-US
Location: Washington
Posted on: May 28, 2023

Job Description:

Skills -: IT Security; Cyber Security; Information Assurance; Scanning

Job Description -:

  • Conduct a PEN test to identify vulnerabilities existing in network devices, information systems, services or web applications that could be exploited by external parties.
  • Conduct internal and external network penetration tests
  • Conduct internal and external graphical user interface web application penetration tests
  • Conduct internal and external web services application penetration tests.
  • Conduct wireless network penetration tests.
  • Assist with support of existing firewalls, IDS/IPS, and access control devices
  • Conduct firewall and IPS policy reviews
  • Monitor traffic and access logs in order to construct additional policies and verify compliance
  • Write technical documents and RFPs as necessary describing base security requirements and architecture
  • Work with corporate IT team to ensure that proper security controls are identified, implemented, and tested which could affect product, customers or ability to achieve certifications
  • Responsible for submitting tickets for remediation of vulnerabilities and potential issues found during penetration tests.
  • Work with Security Architects and Security Engineers to gather information and conduct penetration tests.
  • Writing and reviewing formal penetration test reports documenting the detail of penetration test and all vulnerabilities, potential issues, and strengths found during the test
  • Review and process static source code vulnerability analysis reports for Early Warning developed application as directed
  • Evaluate commercial and open source tools to be used for the purposes of penetration testing
  • Strong understanding of TCP/IP
  • Complies with all security policies and procedures, to ensure that the highest level of system and data confidentiality, integrity and availability is maintained.
  • Perform periodic SSAE16/SOC2/SOX compliance activities
  • Perform web application vulnerability scans, provide recommendations, and present findings
  • Participate in an Incident Response Team as necessary
  • Assist with data destruction and secure disposal of hardware
  • Conduct a software design and functional analysis of .NET framework custom developed Internet applications, specifically, the Board Portal and Secure Member and Employer Authentication. Analyze and evaluate these applications to ascertain each application's capacity to maintain data confidentiality, integrity, and availability, by testing its ability to withstand external attack or compromise.
  • Evaluate the security of a public network's infrastructure devices/systems via PEN testing, including Microsoft Servers, Microsoft terminal services/remote desktop; Microsoft SQL Servers; Microsoft Internet Information Server (IIS); Cisco routers and switches; UNIX-OS; UNIX-based firewalls; Linux; Oracle Server
  • Conduct external penetration testing with the goal of revealing vulnerabilities that could be exploited by an external threat or attack. Classify the identified risks into Low, Medium or High categories. Testing should include at a minimum (Note: No production system downtime attributed to the PEN test is acceptable.):

    • Test public (Internet) facing servers and border security devices for vulnerabilities or misconfigurations that could lead to denial of service or defacement, or allow penetration to internal systems or information,
    • Discover the presence of open ports/unneeded services exposure,
    • Evaluate devices and systems for configuration errors or improper security settings,
    • Review public network security architecture for potential weaknesses or vulnerabilities
    • Assess resiliency to malware/malicious code intrusion.

    • Pinpoint the weaknesses in the application/program that could be exploited by an external threat and explain in detail the potential damage an external attack could cause. The application-level security assessments shall address, at a minimum, the following functional areas:

      • Presence of programming, design, or implementation flaws/code bugs that could open a vector to attack downstream application software
      • User authentication security
      • Access control mechanisms
      • Data communications integrity and confidentiality protections
      • Session management protections against attacks such as man-in-the-middle, session hijacking or session replay
      • Cryptographic module integrity (proper key management/selection, weak or crackable algorithms),
      • Adequate input validation protections against attack, such as Cross-site scripting (XSS), SQL injection, or buffer overflows, and
      • Presence of adequate auditing/logging of system events to preserve non-repudiation integrity and assess the capabilities present to detect/alert on targeted attacks or malicious activities.

      • Isolate and identify security vulnerabilities discovered in network perimeter security devices. This process shall include documenting operating system vulnerabilities and system misconfigurations, Web server and back-end database server vulnerability to targeted attacks (e.g., XSS, SQL injection, defacement, etc.), susceptibility of internal system resources and data to compromise, security control inadequacies, and other identified security risks.
      • Provide status updates of project plan activities on a weekly basis to the PM. Coordinate meeting(s) between technical team and Agency personnel to review findings and recommend appropriate corrective actions or countermeasures the Agency should take to mitigate risks identified in both the PEN test and applications testing. Prioritize risks (High, Medium or Low).

Keywords: Careerbuilder-US, Washington DC , Penetration Test & Vulnerability Test Engineers, Engineering , Washington, DC

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account