Cloud Penetration Testing and Vulnerability Assessment Lead (Secret Clearance Required) Partners Data Systems
Arlington, VA

Job Description

Since our founding in 2001, AIS has provided a supportive place to work for technologists to research, create and support mission critical cyber security solutions. We have built a reputation for hiring talented and motivated individuals in both our services and R&D organizations. We focus on growing and developing the skills of our employees to ensure that our organization continually provides strong support to keep pace with the needs of our customer base while keeping true to our hacker roots - the Jolly Roger flies proudly outside of our Rome, NY HQ.

Top Benefits Include:

* 401k Plan With 7% Company Contribution - Fully Vested Day 1
* 100 % Company Paid Health Insurance Premiums (Blue Cross/Blue Shield)
* 4 Weeks of Vacation + 10 Paid Holidays (several floating/flexible)
* Flexible Working Schedules

Daily Responsibilities:

* Provides direct supervisory guidance to senior and mid-level team members.
* Oversees and approves technical requirements of systems supporting Red Cell Cloud operations.
* Ensures Cloud Penetration Testing and Vulnerability Assessment team members are qualified and capable of supporting the Red Cell mission.
* Prepares periodic reports for Client management and Red Cell deliverables to client.
* Manage Red Cell Operations and Administrative tasks
* Assess and enhance current processes for the testing of cloud implementations and vulnerability assessments of those implementations.
* Recommend mitigation and remediation strategies based upon the class and category of vulnerability
* Develop all processes, policies and operational procedures
* Maintains active liaison with other departments within DoS and government agencies relating to situational awareness
* Performs Leadership Support and Penetration Testing on cloud implementations and other applications, network infrastructure and operating system infrastructures.
* Briefs executive summary and findings to stakeholders to include Sr. Leadership
* Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network and cloud vulnerabilities, data hiding and network security and encryption.
* Provide support to incident response teams through capability enhancement and reporting.
* Provide mentoring and guidance to junior, mid, and senior staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis

Required Qualifications:

* Must possess ten (10) years of substantive IT knowledge including four (4) years of combined hands-on Penetration Testing and cloud security experience and demonstrate hands-on expertise and/or training in areas of cloud and mobile technologies.
* Bachelor's Degree in a related field
* Must have experience leading a team of penetration testers and/or cloud security analysts. (Primarily, the focus of this position is on leading the security assessments of GOV-Cloud systems (Amazon AWS, Google Cloud, and Microsoft Azure and O365, among others), assessing the risks inherent in a cloud implementation, and how that impacts the traditional "on premises" existing architecture.)
* Hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, risk assessments, secure coding practices or threat modeling.
* The ability to mentor and train the other team members in these technologies
* Able to lead Cloud Vulnerability Assessments using Automated and Manual TTPs.
* Have an understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
* Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
* Must have solid working experience and knowledge of Windows and Unix/Linux operating system
* Active Secret clearance
* CISSP

Desired Qualifications:

* A familiarity of Network and System architecture analysis.
* Fundamentals of network routing & switching and assessing network device configurations
* Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
* Strong familiarity with OWASP top 10, PTES and NIST 800-53.
* The ability to perform static and/or dynamic code review
* OSCP, GIAC, GPEN, GWAPT, or other penetration testing certification
* CEH