Whitebox Penetration Test Engineer, Mid

Key Role:

Collaborate with a team of creative problem solvers to test and evaluate systems using penetration test methodologies through a Whitebox adversarial approach for a government client supporting Air Force clients. Plan, assess, test, analyze, and report information on security vulnerabilities and possible exploitations present in a variety of complex and secure computer systems. Work with commercial and government open source vulnerability assessment tools and techniques to evaluate operating systems, databases, and Web applications. Build capabilities by learning from others' expertise within a diversely skilled team. This position is located in Rome, NY.

Basic Qualifications:

-2+ years of experience with security, including penetration testing and vulnerability assessments

-Experience with the Pen Test process, including steps and procedures

-Experience with any of the common scripting languages, including Ruby, Python, or Bash

-Ability to travel up to 25% of the time

-Active Secret clearance

-HS diploma or GED

-Security+ Certification or ability to obtain within 6 months of hire

Additional Qualifications:

-Experience with developing and executing test plans and procedures

-Experience with programming in one or more of the following: C, C++, C#, Java, Perl, Python, and Linux or UNIX Shell Scripting

-Experience with vulnerability analysis, reverse engineering, or adversarial emulation

-Knowledge of the UNIX or Linux operating systems, TCP/IP protocol stack, and networking tools

-Knowledge of building and managing Virtual systems, including VMware, ESXi, or Xen

-Knowledge of security tools and products, including Fortify, AppScan, Nessus, Nmap, or Netcat
-Knowledge of penetration attack strategies for Web services, databases, and e-mail, Forensics tools, and Cryptography principles

-Knowledge of security frameworks, including ISO 27001 and 27002, NIST 800-53, MITRE ATT&CK Framework and the Metasploit framework

-Knowledge of enterprise-level solution storage and databases, including relational databases, database management systems, enterprise storage systems, or security concerns for these systems

-Ability to parse and decode various application level protocols, including XML, HTTP, and MPEG

-CEH, CPT, CEPT, GPEN, OSCP or CISSP Certification

-TS/SCI clearance


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.