PENETRATION TESTER (Remote) with Security Clearance

Emagine IT has an immediate need for a Penetration Tester to join our team in support of our Commercial Services Team located remote. In this role, you will facilitate Penetration Tests, Threat Hunting exercises and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments. To succeed in this position, you will need a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls.

You will work in a team atmosphere with an experienced Sr. Consultant Project Lead, and you will be assigned technical sections and provide client-ready deliverables. In this role, you will:

• Execute testing procedures in accordance with NIST SP 800-53A Revision 4
• Test for vulnerabilities, validate exploitable vulnerabilities within network, cloud, web and mobile environments
• Perform Social Engineering campaigns, including email phishing, spear phishing, phone pre-text calling - Including but not limited to creation of landing pages, creation of embedded executable payloads
• Develop Rules of Engagement, Penetration Test Plans, Penetration Testing report, Power Point presentations for kick-off and closing of client engagements
• Author recommendations based on findings to improve security postures compliant with NIST controls
• Penetration Testing/Threat Hunting (75%); Advisory/Consulting (25%)
• Experience using: Kali Linux, Social Engineering Toolkit, Burp Suite, Nessus, Metasploit Framework, MITRE ATT&CK Framework, coding (Python, Ruby, etc.), SQL commands and testing

Required Qualifications:

• Bachelor's degree (4-yr college or university) or equivalent combination of education and experience
• Minimum three (3) years of experience in IT industry with strong familiarity with NIST Special Publications (SP) 800-37 Revision 1, 800-53 Revision 4, and 800-53A Revision 1, PCI-DSS, SOX, HIPAA
• Strong written and verbal communication skills including the ability to explain technical matters to non-technical audiences
• Strong NIST experience (in order of preference): NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP 800-171
• Ability to independently lead small, less complex system assessments
• Ability to assist team members with proper artifact collection and detail to client's examples of artifacts to satisfy assessment requirements
• At least one of the following certifications in order of preference: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, and/or CAP certification
• Must have a Penetration Testing Certification - order of preference: OCSP, GIAC-GPEN, LPT
• Second certification in order of preference to be obtained within 6 months or by conversion date: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, or CAP
• Candidate must perform 'CTF' style penetration test including presentation of findings prior to offer of employment

Additional Qualifications:

• Experience reviewing Nessus output
• Basic knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft
• Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements
• Experience with Amazon Web Services, Microsoft Azure, Google Cloud etc.
• Project management experience or certification (PMP)
• Must be eligible for Secret Clearance or Public Trust

AAP/EEO Statement: Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.