Cloud Penetration Tester – SME

by | Nov 8, 2022

  • Anywhere

Terms: Full-time
Requirements: Must be a U.S. Citizen with Active Security Clearance

About us
Cyber Management is a rapidly growing Veteran Owned Small Business (VOSB). To us, Cyber is no buzzword…it is all of the technology supporting our business, government, and personal information, and we understand how vital it is to integrate security into the overall cyber management schema from design through operations. Information is one of the greatest resources of our time…keeping it flowing and keeping it safe is our mission. Come join us as we grow!  

We offer:

  • Excellent compensation, benefits and financial incentives
  • Opportunity to work with highly skilled and talented people
  • A Company that understands and values what you do, and committed to mutual success!

About the Role
Cyber Management International Corporation is actively recruiting highly motivated Penetration Tester (Red Cell) – SME professional looking for challenging, exciting work in support of the U.S. Department of State (DOS). Specifically, our customer is the Bureau of Diplomatic Security (DS), Directorate of Cyber and Technology Security (CTS). DS/CTS is a center of excellence that brings together cybersecurity, technology security, and investigative expertise as a unified security capability focused on solving critical and emerging issues enabling the State Department to fulfill its vital global mission.

Responsibilities

  • Design, plan and perform testing of cloud systems to satisfy the NIST 800-53 CA-8 security controls and using methodologies that may include, NIST SP 800-115, Penetration Testing Execution Standard (PTES), and Information Systems Security Assessment Framework (ISSAF).
  • Work with the Red Cell leadership to provide support on and/or lead cloud assessments from beginning to completion including meeting with systems owners, scoping assessments, delivery of assessment reports, briefing system owners and stake holders.
  • Performs leadership support on cloud implementations , network infrastructure, and operating system infrastructures.
  • Organize and lead efforts that document and design improvement strategies for discovered vulnerabilities and monitoring gaps.
  • Produce reports and conduct management briefings on test activities, scenarios, results and recommendations with personnel around the globe.
  • Stay abreast of current attack vectors and unique methods for exploitation of computer networks.
  • Provide support to incident response teams through capability enhancement and reporting.
  • Evaluating cloud system security configurations and recommend enhancements.
  • Provide mentoring and guidance to senior, mid, and staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis.
  • Securing, testing, having a good understanding of Cloud vulnerabilities and how to address them

Qualifications: Basic Requirements

  • Bachelor’s Degree and a minimum of 9 years’ experience required. An additional 6 years of experience may be substituted in lieu of degree.
  • Active Secret Clearance required, Top Secret Preferred.
  • Experience with Burp Suite Pro or Zap, including identification and usage of relevant plugins
  • Experience with security assessment tools, including Nessus, Metasploit, or Cobalt Strike
  • Well-rounded background in application, network, cloud, and system security
  • Experience with conducting penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, GCP, and, on premise systems.
  • Proficient in evaluating cloud system security configurations.
  • Has expertise in evaluating findings and performing root cause analysis.
  • Understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
  • Industry related certification

Qualifications: Desired Requirements

  • Industry certifications such as OSCP, GCPN, CCSP, OSWE, GPEN, GCIH, GWAPT, or GXPN
  • Experience with server administration, TCP/IP networking, vulnerability identification and exploitation, vulnerability exploit code development, offensive security operation coordination and communication, vulnerability tracking and remediation, mobile testing

If you’re interested in applying for this position, please click the link below to apply. For additional questions,  email us at recruiting@cybermgt.com. 

To apply for this job email your details to gavallask@cybermt.com