CSSP Analyst and Penetration Tester

The Challenge:

Everyone knows security needs to be “baked in” to a system architecture, but you actually know how to bake it in. You can identify and implement ways to harden systems and reduce their attack surface. What if you could use your cyber engineering skills to design and build secure systems for customer? We’re looking for an engineer who can help create solutions for customer that will stand up to even the most advanced cyber threats.

As a cyber operations engineer on our project, you’ll design, implement and evaluate a program for penetration testing. You’ll work with in house SMEs, other SOC analysts, and Booz Allen professionals to identify the right mix of tools and techniques to translate your customer’s needs and future goals into a plan that will enable secure and effective solutions. We need to come up with the best solution, so you’ll investigate new techniques, break free from the legacy model, and go where the industry is going. As a team, we’ll take a critical approach to the program design, providing alternatives and customizing solutions to maintain a balance of security and mission needs. This is a chance to learn from a team of experts as you make a difference in the security of support to the warfighter. Your contributions will help customers overcome their most difficult challenges by integrating secure practices like conducting penetration tests, running web application testing tools and performing manual testing. You’ll be able to gain experience in analyzing vulnerabilities while helping develop platform specific remediation plans while building peace of mind in a critical infrastructure. Join our team as we improve support to the warfighter through cyber security.

Empower change with us.

You Have:

  • 4+ years of experience with conducting penetration tests, running web application testing tools, performing manual testing and source code review using tools, validating test results, analyzing vulnerabilities, and helping develop platform specific remediation plans
  • Experience with programming or scripting languages
  • Experience with Burp Suite, Metasploit, Kali, or common application security tool sets, including fuzzers, proxies, or code analysis
  • Knowledge of the tools, tactics, procedures, and counter measures
  • Ability to work a 12am-12pm or 12pm-12am shift, including some weekends

  • Ability to provide monitoring and risk analysis of zero-day and other vulnerabilities
  • Secret clearance
  • HS diploma or GED

  • DoD 8570 Baseline IAT Level II, CSSP Anal Certification

Nice If You Have:

  • 1+ years of experience in a SOC

  • Experience with log review and analysis

  • Experience with Cybersecurity forensics tools and methodologies
  • Experience with network ports and protocols
  • Knowledge of industry, government and DoD best practices, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors

  • Knowledge of DoD system solutions to mitigate risk in any activity that potentially impacts the security of existing IT and information management

  • Ability to correlate disparate datasets to identify abnormal behavior
  • Ability to apply NIST, federal, and DoD guidelines, policies, directives, and memos as they relate to Cybersecurity

  • Ability to pay strict attention to detail

  • Possession of excellent analytical and collaboration skills

  • GPEN, LPT, OSCP, CPT, or related certifications

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.