Washington, DC

Senior Penetration Tester

Job Specs

Cyber Defense
Washington, District of Columbia, United States

Job Description:

XOR Security is currently seeking a Sr. Penetration tester to support a program responsible for monitoring, detecting, analyzing, mitigating, and responding to cyber threats and adversarial activity on the agency's Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication. The DHS SOC is responsible for pen testing resources and support for public facing sites as well as high value assets within the department

The program has a critical need for a Penetration Tester. This is a full time funded position based in Washington DC. The DHS ESOC is responsible for:

  • Developing pen testing resources
  • Support public facing sites and high value assets within the department
  • Establish a pen testing program for use throughout DHS
  • Completes hands on pen testing capabilities
  • Communicates recommended solutions for addressing findings from a pen test

This is a big growth area for us and our customer over the next several years and so this role is also very strategic. This position location may be located at either L’Enfant Plaza or Elizabeth’s USCG Headquarters in Washington, DC.

Location: Washington, DC

Required Qualifications:

  • MUST HAVE A SECRET CLEARANCE with the ability to get TS/SCI. In addition to specific security clearance requirements all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.5 years in Pen Testing and Vulnerability Assessment
  • 7 years of professional experience in incident detection and response, malware analysis, or cyber forensics.
  • Experience with any three of the seven tools listed below:
    • Kali Linux
    • Metaspoilt
    • Burp suite
    • Cobalt Strike
    • Tenable Nessus
    • Web Inspect
    • Scuba
    • Appdetective

Desired Qualifications:

  • Experience developing custom exploits and exploitation tools in support of authorized penetration tests or cyber threat emulation exercises.
  • One or more certifications for Analysts:  GCIA, GCED, GCFE, GCTI, GNFA, GCIH, CND, ECSA, OSCP, OSEE, OSCE, GCFA, GREM, CHFI, CEH, GPEN, GWAPT, GISF, GXPN
  • Experience with analyzing deceptive technologies such as honeynets.
  • Ability to work with a cyber network defense organization to improve an organization’s detection capabilities.
  • Expertise in policies, industry trends, techniques related to penetration testing.
  • Existing Subject Matter Expert of Advanced Persistent Threat or Emerging Threats

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement:

Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP & AN ACTIVE SECRET CLEARANCE REQUIRED WITH THE ABILITY TO OBTAIN A TOP SECRET/SCI.