Penetration Tester - FCC

Washington, DC

⚠️ We'll shut down after Aug 1st - try foo🦍 for all jobs in tech ⚠️

Full Time Senior-level / Expert USD 120K - 223K * ^est.

cFocus Software Incorporated

Our exclusive ATO as a Service™ software & expert services automate FISMA RMF & FedRAMP compliance.

View all jobs at cFocus Software Incorporated

Posted 7 hours ago

cFocus Software seeks a Penetration Tester to join our program supporting the Federal Communications Commission (FCC). This position is on-site in Washington, DC.

Qualifications:

Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Technologies, or other related fields
Certified Information Systems Security Professional (CISSP) or Information Systems Security Engineering Professional (ISSEP) certifications required. and Microsoft Certified Cybersecurity Architect Expert
7+ years of experience performing cyber infrastructure support activities in Enterprise Cybersecurity Support government contracts
Core competencies in Cybersecurity Engineering practices
Possess the knowledge, skills, tasks, and capabilities described in the Work Role for Infrastructure Support (PD-WRL-004) as outlined in the NICE Work Role Framework

Duties:

Identify vulnerabilities and weaknesses within FCC systems, determining exposure and complexity of exploits.
Conduct penetration testing of the enterprise IT environment.
Assess the effectiveness of security controls implemented to protect FCC systems in support of the Authorization Process and Security Impact Analysis through Change Management.
Mimic attacks of threat actors are defined by the Cyber Threat Intelligence (CTI) Team to assess and improve IT system resilience, SOC monitoring effectiveness, and tuning security tools within the FCC.
Perform ad hoc, focused pen tests to validate the effectiveness of corrective actions to address identified weaknesses.
Perform Penetration Testing Services for any internal or public websites and associated systems
Develop and execute plans that include penetration testing of all OCIO systems.
Validate remediations by re-testing all Critical and High findings identified through penetration testing.
Perform network mapping and vulnerability scanning, support phishing simulations, report findings, and make remediation recommendations.
Develop a Quarterly Penetration Testing Schedule and Annual Internal Penetration Testing Standard Operating Procedures (SOP).
Identify and assess vulnerabilities within FCC systems.
Conduct comprehensive penetration tests across the enterprise IT environment.
Evaluate security control effectiveness during the Authorization Process and Security Impact Analysis.
Simulate attacks in line with CTI Team strategies to enhance IT system resilience and SOC monitoring capabilities.
Execute ad hoc penetration tests to verify the effectiveness of corrective actions.
Perform tests on internal and public-facing websites and their associated systems.
Develop and implement detailed penetration testing plans for OCIO systems.
Re-test Critical and High findings to confirm remediation effectiveness.
Execute network mapping, vulnerability scanning, and phishing simulations. document and recommend remediation strategies.
Create and maintain a Quarterly Penetration Testing Schedule and an Annual Internal Penetration Testing SOP.