SAIC supports the NASA Independent Verification and Validation Facility in Fairmont, West Virginia, and is seeking an experienced Penetration Tester/Cybersecurity Specialist.
The Penetration Tester role is responsible for developing and simulating real-life cyber-attacks with the goal of helping organizations improve their security posture. This is a highly technical hands-on role that will utilize knowledge/experience in operating systems, system administration and creativity skills. It is an opportunity for a team player to enhance a world-class team and learn new skills.
- Conduct host/network/application penetration testing as a member of a technical team
- May lead teams for individual penetration test engagements
- May support NASA in developing and documenting approaches to performing penetration testing
- Perform full-scope penetration tests (discovery and exploitation of vulnerabilities) on live network infrastructure, services, Active Directory environments, and other systems/applications
- Able to test, identify and exploit trust, misconfigurations and vulnerabilities in live MS Active Directory environments without getting detected by advanced commercial security solutions
- Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)
- Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
- Able to write scripts in PowerShell, bash and a preferred scripting language
- Research and formulate recommendations for vulnerabilities found during assessments
- Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
- Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
- Develop proof-of-concept examples and scenarios for reports and live demonstrations
- Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and team members.
- Review custom applications source code for security flaws and vulnerabilities
- Able to test, identify and exploit vulnerabilities in web applications without the use of scanning tools.