Penetration Testing Team Lead
gTANGIBLE Corporation (gTC), www.gtangible.com, is a C corporation and a registered Government contractor that provides services and solutions in:
- National Security Programs
- Professional, Administrative, and Management Support
- Mission and Warfighter Support
We are a Service Disabled Veteran Owned Small Business (SDVOSB) and the founder has years of successful experience in the Government contracting arena. Our leadership team is an exceptional group of Government contracting professionals. gTANGIBLE is in the process of identifying candidates for the following position.
Requisition Type: Full Time
Position Status: Contingent
Position Title: Penetration Testing Team Lead
Location: National Capital Region
Duties and Responsibilities
The Penetration Testing Team Lead supports this Transportation Security Administration Information Technology (TSA IT) Task Order (TO) by overseeing efforts aimed at performing security attacks against all types of IT assets, and exploiting vulnerabilities found to determine if further reach within the engagement scope can be obtained. Provide final reports and presentations of the findings identified to personnel with a variety of technical knowledge to enable TSA IT management to make informed decisions about how to address the identified findings. Occasional off-hours testing and periodic travel required.
Team duties include the following:
- Become, and remain familiar with, TSA and DHS security policies and Technical Standards relating to all aspects of IT asset configuration facilitate effective penetration testing engagements. Make recommendations for updates, additions, and modifications to TSA security policy as gaps or deficiencies in security policy are identified.
- Engage with testing engagement stakeholders to gather all required information needed to tailor the engagement Rules of Engagement and to create detailed test plans. Tailoring of the Rules of Engagement (ROE) must be identified to, and approved by, Information Assurance and Cybersecurity Division (IAD) federal personnel prior to inclusion in any ROE document.
- Execute penetration testing engagements according to IAD’s penetration testing methodology and in accordance with documented Rules of Engagement for the specific engagement.
- Troubleshoot any technical issues preventing successful completion of testing engagements within the scheduled time allotted for the engagement (i.e. hardware issues, bad credentials, incorrect access paths, etc.).
- Review penetration test stakeholder responses to findings concerning mitigation or remediation activities being taken to address penetration test findings. This review is to provide an opinion on the effectiveness of the proposed solutions to remove or reduce the risk posed by the targeted findings.
- Coordinate with the TSA Security Operations Center (SOC) to provide assistance with SIEM detection content to improve the TSA SOC’s ability to detect activities performed during penetration testing engagements.
Knowledge and Qualifications
- At least eight (8) years of technical IT security experience. Such experience can come from system or network administration, security analysis, security testing and evaluation, security incident response, penetration testing, vulnerability assessment, security monitoring, IT project implementation, or other similar technical activities.
- At least five (5) years of experience performing security control assessments (i.e. security testing such as activities defined in Task 3.1 of this SOW, security auditing, primary assessor for Security Control Assessments, etc.).
- At least six (6) years of experience performing security testing broken down as follows:
- At least three (3) years of experience performing Penetration Testing.
- An additional three (3) years of experience performing any combination of Penetration Testing, Operating System Security Testing, Database Security Testing, Network Fabric Asset Testing, Web Application Security Testing, or Wireless Communications Security Testing.
- At least two (2) years of experience performing Penetration Testing for Federal IT systems.
- Experience with NIST and FIPS security controls, DISA STIGs, and CIS standards.
- Experience working in groups acting as the sole security practitioner, as well as experience working in team(s) of various sizes of security personnel reviewing the same system.
gTANGIBLE Corporation is an equal opportunity employer and does not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, marital status, national origin, or political affiliation.