Pen Tester Red Team Junior

ECS is seeking a Pen Tester Red Teamer Junior to work in our Windsor Mill, MD office.  

Position Summary: 

Iron Vine Security, an ECS Federal company, is a rapidly growing information security and information technology company in Fairfax, VA. We are looking to hire a Penetration Tester/Red Teamer to provide a full range of cyber security testing services on a long-term contract in Baltimore, MD. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance. 

Position Responsibilities:  

• Conduct manual Network/Host and Web/API application penetration testing 

• Provide advisement on countermeasures to mitigate threats 

• Identify security deficiencies and determine the efficacy of security controls design and implementation 

• Provide vulnerability to exploit mapping 

• Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets 

• Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities 

• Research, document and discuss security findings with team members 

• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws 

• Provide feedback and verification as an organization fixes security issues 

• Conduct Red Teaming Exercises simulate advanced threat actor tactics, techniques, and procedures (TTPs) 
•  

Salary Range: $78,000 - $83,000 
General Description of Benefits

3+ years of IT experience to include 1+ years of experience in either information security, development, or system/network administration. 

• Bachelor’s degree in an IT related field or equivalent education or work experience preferred 

• Programming experience preferred 

• Working knowledge of TCP/IP ports and protocols 

• Working proficiency with Windows and UNIX operating systems 

• Working knowledge of firewalls, routing, switching, and other network security products 

• Familiarity of security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc. 

• Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, Nmap, Metasploit, Nessus, tcpdump, Wireshark, Nikto, etc. 

• Excellent written and oral communication skills. Must be able to document security deficiencies write Security Assessment reports, Standard Operating Procedure documents, etc. 

• Self-motivated and able to work in an independent manner 

• U.S. Citizen - must be able to obtain "Public Trust" level clearance. (SF-85 and SF-86 submission required) 

Additional Experience Preferred: 

• Experienced in at least one related functional area (network security, programming, databases, mainframes, apis, web applications, red teaming, etc.)  

• Application/Systems development experience preferred  

• An In-Depth familiarity with Linux, MS Windows, or both 

• Familiarity with programming/scripting in multiple languages (Python and PowerShell a plus) 

• Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and Open-Source Security Testing Methodology Manual (OSSTMM)