Part-time Senior Penetration Testers

Location: Washington, DC
Date Posted: 04-16-2017
The part-time Penetration Tester will have experience performing hands-on penetration testing, security test planning, and vulnerability analysis; focusing on automated and manual exploitation of applications, networks, and system level designs and implementations. This position requires a strong ethical hacking mindset with proven professional experience in assessing diverse network and system architectures in a comprehensive manner.  The successful candidate will enjoy working in a dynamic, responsive, and collaborative environment and be dedicated to the success of customers.  Experience and detailed technical knowledge in information security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security is essential. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings. Must be able to work both independently and as a part of team testing efforts.

Required Skills/Qualifications:
  • Combined five (5) years professional experience conducting penetration testing and vulnerability assessments
  • Combined seven (7) years working in the disciplines of: web security server vulnerability assessments; network auditing; hands-on work experience with web server administration (Apache, IIS); and hands-on work experience with web content administration and web development with at least 3 of the following: .Net, PHP, Java, Drupal, Perl, or ColdFusion
  • Strong experience with tools used for application security vulnerability testing such as Burp Suite and Netsparker
  • Excellent written and verbal communication skills, especially when dealing with large reports and datasets
  • A high standard of documentation and experience writing Rules of Engagement, security test plans, risk/vulnerability assessments, and findings reports
  • Ability to translate technical information into business impact for non-technical audiences
  • At least one certification from the following list:
    • Global Information Assurance Certification (GIAC)
      • GWAPT - GIAC Web Application Penetration Tester
      • GPEN - GIAC Network Penetration Tester
      • GXPN - GIAC Exploit Researcher and Advanced Penetration Tester
    • Offensive Security
      • OSCP - Offensive Security Certified Professional
      • OSCE - Offensive Security Certified Expert
    • International Council of Electronic Commerce Consultants (EC-Council)
      • CEH - Certified Ethical Hacker
      • LPT - Licensed Penetration Tester
Desired Skills:
  • Experience building automated tool sets
  • Experience in custom scripting
  • Experience with secure code reviews and tools
  • Experience with mobile device penetration tools and techniques
  • Experience with wireless device and access point penetration tools and techniques
  • Experience with Kali Linux distributions
  • Other Microsoft, Linux, Cisco, or security certifications
  • Understanding of WAN technologies (MPLS, PPP, VPN, proxies, load balancers, etc.)
  • Experience assessing systems as part of FedRAMP
  • Understanding and experience with Cisco and/or Juniper routing, switching, and security products
  • Experience working in a service desk environment and supporting customer infrastructure

Education and Experience:
  • Bachelor’s degree
  • At least seven (7) years of experience
  • Open, United States

Lunarline is an equal opportunity employer. It is the policy of Lunarline that all employees and applicants for employment will be treated in all respects on the basis of their merit and qualifications and without regard to their race, color, national origin, age, disability, sexual orientation, religion, gender, military status, marital status or ancestry.
Lunarline participates in the E-Verify program. Therefore, any employment with Lunarline will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States. 
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.
this job portal is powered by CATS