Penetration Tester w/ TS/SCI- Hybrid Washington D.C.

Penetration Tester w / TS / SCI

This company is seeking a Penetration Tester and Subject Matter Expert (SME) to join their Cyber Solutions Practice in Arlington, VA, providing on-site support to a federal customer in Washington, D.

C. Qualified candidates should have experience in software assurance, penetration testing with various automated tools, security patch management, secure cloud, and hybrid engineering.

Candidates must hold an active Top-Secret clearance with SCI eligibility.

This position will be a 6-month contract-to-hire and will be a hybrid model of 4 days on site their Washington D.C. office.

What You Will Be Doing :

• Perform Penetration Testing and Software Assurance : Conduct penetration tests, software assurance evaluations, and vulnerability assessments for a Federal customer on-site in Washington, DC.
• Interpret Results and Recommend Actions : Analyze penetration testing outcomes to identify vulnerabilities and suggest corrective actions or mitigation strategies.
• Report Production : Generate and deliver comprehensive reports on software assurance efforts, collaborating with service providers and individual programs / systems.

Deliverable : Software Assurance Reports.

• Security Implications : Identify and address security implications during software acceptance activities, including completion criteria, risk acceptance, documentation, common criteria, and independent testing methods.
• Security Test Assessments : Conduct security test assessments supporting Federal customers and system-specific software assurance efforts, working with service providers and individual programs.
• Collaboration with DevSecOps Teams : Work with DevSecOps team members from various organizations to integrate information assurance and cybersecurity practices throughout Agile development activities, covering requirements, design, implementation, testing, and delivery of new IT solutions, applications, services, systems, or enhancements.
• Vulnerability Assessments : Perform and document vulnerability assessments of government-identified systems. Deliverable : Vulnerability Assessment Reports.
• Maintain SOPs : Update and maintain software assurance Standard Operating Procedures (SOPs) in compliance with IC and DHS policies.

Deliverable : Software Assurance SOPs.

Review and Update Security Configurations : Annually review and update all security configurations within automated DevSecOps tools and manual processes to ensure compliance with IC policy.

Implement approved changes and report metrics in Monthly Status Reports.

Required Skills & Experience :

• Experience : A minimum of 7 years of total cybersecurity and / or information technology professional experience, with at least 5 years of recent experience in software assurance, penetration testing with automated tools, security patch management, secure cloud and hybrid engineering, CDS, and web security.
• Certifications : Cybersecurity certifications such as Certified Ethical Hacker (CEH), CISSP, CASP, or comparable demonstrable experience are preferred but not required.
• Tool Proficiency : Proficiency in Nessus Security Center, Security Content Automation Protocol (SCAP), Web Application Scanning, Penetration Testing, Web Inspect, Fortify, and similar tools.

Recent experience in Software Assurance. SonarQube experience is preferred.

• Technical Skills : Experience with Linux and Cisco Routing and Switching.
• Security Clearance : Active Top-Secret clearance is required. This position also requires extensive background, credit, and drug screening checks.

Desired Skills & Experience :

Education : Bachelor's or Master's degree in a technology discipline from an accredited university.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.

This position doesn’t provide sponsorship.