Penetration Tester/Expert in Herndon, VA at Booz Allen Hamilton Inc.

Date Posted: 7/11/2018

Job Snapshot

Job Description

Job Number: R0032498

Penetration Tester/Expert

Key Role:

Conduct assessments of threats and vulnerabilities, assess the level of risk, and develop and recommend appropriate mitigation countermeasures. Develop and conduct tests of systems to evaluate compliance with specifications and requirements by validating technical, functional, and performance characteristics of systems or elements of systems. Develop attack vectors, conduct reconnaissance, collect open-source intelligence, enumeration, and foot-printing of target platforms, network, and service, and develop exploit payloads and system backdoors to identify vulnerabilities or weaknesses. Provide team leadership for pen testing teams and complex projects. Build and deliver training modules and platforms to train and develop team personnel.

Basic Qualifications:

-8+ years of experience with penetration testing, red team operations, or technical vulnerability analysis

-4+ years of experience with all phases of penetration testing, including planning, discovery, attack, and reporting

-Experience with running enumeration and scanning tools, including NMAP, penetration testing tools, including password cracking tools, Metasploit, Windows Command Line, and Power Shell, and effective pen testing strategies and techniques

-Experience with Web application reconnaissance and attack, exploit development, and malware reverse engineering

-Experience with shellcode, PowerShell, and Python scripting to support exploit development and pen testing

-Experience with leading penetration testing teams, complex projects and workstreams, and junior staff training initiatives

-Ability to obtain a security clearance

-BA or BS degree

Additional Qualifications

-Experience with advanced penetration test techniques, including protocol fuzzing and stack overflow exploits, exploiting restricted Windows or Linux client environments using PowerShell, and exploiting weaknesses in cryptographic implementations

-MA or MS degree

-SANS GIAC Penetration Tester (GPEN), SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), or Offensive Security Certified Professional (OCSP) Certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.


Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.

Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.