Penetration Tester - SME

Job Locations: US-VA
Job ID: 2023-3473
# of Openings: 1
Category: *Technical Consulting

Overview

Acuity is looking for a Penetration Tester to become part of the Department of State (DoS) Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security experience to enable innovative, effective and secure business processes. The DSCM program encompasses technical, engineering, data analytics, cyber security, management, operational, logistical and administrative support to aid and advise the DoS Cyber & Technology Security (CTS) Directorate. The Penetration Tester role will be in Rosslyn, VA and supports the Penetration Testing (Red Cell) Team. Some telework is permissible.

Make an Impact!

Acuity, Inc. is a leading digital strategy consulting firm. We offer deep domain expertise to federal agencies who serve and protect our nation’s citizens, global reputation, and critical assets. We leverage proven industry partnerships and exceptional customer service to deliver measurable and transformative results. Our innovative, collaborative and rewarding work environment has earned repeat honors from The Washington Post, and we are an 8-time winner of the Washington Business Journal’s “Best Places to Work”.

Responsibilities

  • Assess the current state of the customer’s system security by identifying all vulnerabilities and security measures. 
  • Help the customer perform analysis and mitigation of security vulnerabilities. 
  • Design, perform and report on penetration testing of systems, including cloud, to satisfy the NIST 800-53 CA-8 security control, using methodologies that may include NIST SP 800-115, Penetration Testing Execution Standard (PTES), and Information Systems Security Assessment Framework (ISSAF).
  • Produce reports and conduct management briefings on test activities, scenarios, results and recommendations. 
  • Understand how to create unique exploit code, bypass AV and mimic adversarial threats. 
  • Stay abreast of current attack vectors and unique methods for exploitation of computer networks. 
  • Provide support to incident response teams through capability enhancement and reporting. 
  • Assist in maintaining Red Cell infrastructure.
  • Develop or modify tools that automate discovery or exploitation (e.g. bash, Python, JavaScript, PowerShell).
  • Mentor Mid and Jr staff members by providing guidance on best security practices and communication techniques.

Qualifications

To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:

  • Bachelor’s Degree and a minimum of 9 years’ experience required. An additional 4 years of experience may be substituted in lieu of degree.
  • Must have one of the following certs: CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISSP, Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, or SCYBER.
  • Organize and lead efforts to document and design improvement strategies for discovered vulnerabilities and monitoring gaps.    
  • Understand common web application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding. 
  • Proficient at conducting network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques. 
  • Proficient at conducting network or software vulnerability assessments and penetration testing utilizing automated and manual TTPs. 
  • Proven capability in identifying intrusion or incident path and method, and in isolating, blocking or removing threat access.
  • Familiar with Linux and Windows Administration. 
  • Proficient in evaluating system security configurations.  
  • Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, etc. 
  • Able to perform analysis of complex software systems to determine both functionality and intent of software systems.  
  • Able to resolve highly complex malware and intrusion issues. 

Desired Qualifications:

  • Experience with server administration, TCP/IP networking, vulnerability identification and exploitation, vulnerability exploit code development, offensive security operation coordination and communication, vulnerability tracking and remediation, mobile testing.
  • Possess OSCP, GIAC GPEN, GWAPT or other Penetration Testing certifications.

Clearance Requirement:

  • Must have Active Secret government clearance.

 

About Acuity Inc:

Acuity is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.

 

Acuity INC 11710 Plaza America Drive Suite 700 Reston, VA 20190

 
