Report this Job
Clearance:
Public Trust
Note:
Candidates must be local to the Falls Church VA area, as this is an onsite role.
Job Description:
Systems Analyst supporting the Vulnerability Management & Assessments (VMA) program at the USPS.
The resource will be supporting Penetration Testing (PEN) and will be working with the RISK: (VMA) Team, and will be responsible for working in a team environment to conduct research/analysis of current and emerging Cyber Threats.
Will define requirements, test concepts, test equipment, develop data collection requirements for tests.
Requirements
Highly skilled in web application testing, API testing, and network testing
Prior experience with Burp Suite Professional, or other similar DAST tools
Experience with Kali Linux and most of the tools available in the distro for penetration testing
Experience with tools such as Metasploit Pro and Cobalt Strike for red team operations
Experience with Red Team engagements from planning to execution
Experience with phishing network users to gain access for lateral movement on the network
Experience with Purple Team engagements to test monitoring controls in coordination with engineering teams and CSOC teams.
Proficiency in scripting, such as Python and/or Powershell
Experience with penetration testing supporting PCI-DSS
Technical writing skills, along with ease in communicating concepts related to security vulnerabilities and attack path scenarios.
Familiar with OWASP Application Security Verification Standard (ASVS) and MITRE ATT&CK framework
Penetration testing certification recommended.
Acceptable certifications: Offensive Security Certified Professional (OCSP), Global Information Assurance Certification (GIAC) Certifications (e.g., GIAC Certified Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN))
May provide supervisory, technical, and administrative direction for personnel performing system development tasks, including the review of work products for correctness, adherence to the design concept and to user standards, and for progress in accordance with schedules.
Formulates statements of management, scientific and business problems, and devises procedures for solutions of problems.
Experience level
4 years related work experience or eight years related work experience post high school
3 years experience in information systems programming
3 years experience in systems specification or structured analysis
3 years experience with project or process management
Education
Must possess a minimum of a Bachelors Degree in Computer Science, Information Technology or Information Security (Masters Degree preferred).
Certifications: (One or more required)
CompTIA Security +
CPTE - Certified Penetration Testing Engineer or CEH - Certified Ethical Hacker
Certified Information System Security Professional (CISSP)
Ohm Systems