Penetration Tester

  • SAIC, Inc
  • Fairmont, WV 26554, USA
  • Apr 01, 2021

Job Description

Description

SAIC is looking for a Penetration Tester responsible for developing and simulating real-life cyber attacks with the goal of helping organizations improve their security posture. This is a highly technical hands-on role that will utilize knowledge/experience in operating systems, system administration and creativity skills. It is an opportunity for a team player to enhance a world-class team and learn new skills.

• Conduct host/network/application penetration testing as a member of a technical team

• Perform full-scope penetration tests (discovery and exploitation of vulnerabilities) on live network infrastructure, services, Active Directory environments, and other systems/applications

• Able to test, identify and exploit trust, misconfigurations and vulnerabilities in live MS Active Directory environments without getting detected by advanced commercial security solutions

• Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)

• Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)

• Able to write scripts in PowerShell, bash and a preferred scripting language

• Research and formulate recommendations for vulnerabilities found during assessments

• Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.

• Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws

• Develop proof-of-concept examples and scenarios for reports and live demonstrations

• Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and team members

Qualifications

TYPICAL EDUCATION AND EXPERIENCE:

Bachelors and five (5) years or more experience; Masters and three (3) years or more experience; PhD and 0 years related experience.

Required Skills:

  • Conduct host/network/application penetration testing as a member of a technical team
  • Perform full-scope penetration tests (discovery and exploitation of vulnerabilities) on live network infrastructure services, Active Directory environments and other systems/applications
  • Able to test, identify and exploit trust, misconfigurations, and vulnerabilities in live MS Active Directory environments without getting detected by advanced commercial security solutions
  • Test the exploitation of security policies and access controls in restricted/secure environments e.g. GPO bypass, privilege escalation, and A/V evasion)
  • Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
  • Able to write scripts in PowerShell, Bash, and a preferred scripting language
  • Research and formulate recommendations for vulnerabilities found during assessments
  • Employ extensive use of Microsoft Office main tools:  Word, Excel< PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
  • Able to present, demonstrate, explain, and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
  • Develop proof-of-concept examples and scenarios for reports and live demonstrations
  • Create/document tactics, techniques, and procedures (TTP) to train and expand/share knowledge with customers and team members

Preferred Skills:

  • Able to review, modify and develop programs or scripts in Assembly, C++, C#, VBS, Python, Perl, Ruby, PowerShell, Bash, JavaScript, Java, PHP and other languages to exploit systems/applications, analyze data, configure systems and automate tasks
  • Review custom applications source code for security flaws and vulnerabilities
  • Able to test, identify and exploit vulnerabilities in web applications without the use of scanning tools

Target salary range: $95,001 - $105,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.