Penetration Tester (Senior)

ECS is seeking a Penetration Tester (Senior) to work in our Windsor Mill, MD office.  

Iron Vine Security, an ECS Federal company, is a rapidly growing information security and information technology company in Fairfax, VA. We are looking to hire a Penetration Tester to provide a full range of cyber security testing services on a long-term contract in Baltimore, MD. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.  

Position Responsibilities:  

• Conduct network and web-based application penetration tests 
• Provide advisement on countermeasures to mitigate threats 
• Identify security deficiencies and determine the efficacy of security controls design and implementation 
• Provide vulnerability to exploit mapping 
• Probe for vulnerabilities in web applications 
• Conduct physical security assessments and wireless security assessments as required 
• Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets 
• Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities 
• Research, document and discuss security findings with team members 
• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws 
• Provide feedback and verification as an organization fixes security issues 
• Simulate internal lateral movement activities  
• Provide mentorship and guidance to Junior and Mid Penetration Testers. 

Salary Range: $128,000-130,000

General Description of Benefits

• 7+ years of IT experience to include 4+ years of experience in either information security, development, or system/network administration. 
• Bachelor’s degree in an IT related field or equivalent education or work experience. 
• Programming experience with focus on development, security, or process automation 
• Working knowledge of TCP/IP ports and protocols 
• Working proficiency with Windows and UNIX operating systems 
• Working knowledge of firewalls, routing, switching, and other network security products 
• Familiarity with web proxy tools such as Burp, ZAP, and Fiddler 
• Knowledge of security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc. 
• Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, Nmap, Metasploit, Nessus, tcpdump, Wireshark, Nikto, etc. 
• Excellent written and oral communication skills. Must be able to document security deficiencies write Security Assessment reports, Standard Operating Procedure documents, etc. 
• Self-motivated and able to work in an independent manner 
• U.S. Citizen - must be able to obtain "Public Trust" level clearance. (SF-85 and SF-86 submission required)