Penetration Tester, Senior

Key Role:

Work as a Product Vulnerability Researcher for a complex security platform to identify flaws in hardware and software. Utilize the latest techniques in vulnerability/exploit research for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and decisively taking action to mitigate emerging threats throughout a full secure development life-cycle (SDLC). Help design security controls and validate that our services, applications, and emerging technologies are designed and implemented to the highest security standards. This position is a hybrid role with a combination of working at a Booz Allen office or client site and working remotely.

Basic Qualifications:

  • 5+ years of experience developing security tools and penetration testing scripts
  • 5+ years of experience performing application and infrastructure penetration testing to discover and exploit vulnerabilities
  • Experience with modern exploitation techniques, exploit mitigation techniques, and software protections or binary armoring
  • Experience with software development and testing in Python, Java, JavaScript, C/C++, or ASM
  • Knowledge of OS Internals
  • Knowledge of the system engineering lifecycle, including security architecture, software security, intrusion detection, and defensive countermeasures
  • Ability to develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations
  • Secret clearance
  • HS diploma or GED

Additional Qualifications:

  • Experience with offensive security research & development and maintaining both an on-premise and cloud-hosted attack lab environment
  • Knowledge of Red Team concepts and adversarial tradecraft against physical and software defined networking, operating systems, web applications, databases, and modern container orchestration frameworks
  • Knowledge of the Penetration Testing Execution Standard (PTES)
  • Knowledge of MITRE ATT&CK Framework and its application
  • Knowledge of Linux/Red Hat preferred
  • Knowledge of IT concepts like Active Directory, TCP/IP, 802.11x, IPSEC, HTTPS, ICAM, Cryptography, and Cloud
  • Ability to develop custom tools and tradecraft to automate tasks
  • Ability to communicate upwards and to peers and presenting technical subjects to non-technical audiences
  • TS/SCI clearance with a polygraph
  • OSCP, OSWP, OSEP, OSCE, OSWA, or OSWE certifications

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.

Not ready to apply? Join our talent community and sign up for job alerts.