Cyber Pentester

Cyber Pentester - DMV area USA

You will conduct cybersecurity technical assessments, including network penetration testing, vulnerability assessments and simulated offensive/Red Team projects, on behalf of multiple US commercial sector customers. Key duties involve technical aspects of enterprise computer network defense (CND), network/host-level security assessments, web application assessments, and development of recommendations to improve the effectiveness of customer cybersecurity programs. The role also covers analysis and customer briefings. You will interact directly with client technical and business operational teams and provide input to formal reports and summaries for client and stakeholder review.

01 - ABOUT THE POSITION

Your role:

- Perform penetration testing to assess and validate the security posture of Raytheon client systems
- Carry out scoping activities to identify which components of a given system require testing and to estimate the effort likely required to carry out the testing
- Report results of testing to our customers, including project managers, service owners, developers and risk managers
- Provide subject matter expertise to key stakeholders
- Have the flexibility to work on multiple projects as needed
- Work within a team environment and across business units to complete associated tasks with exceptional results
- Undertake any other tasks assigned by your manager that you have the capability to perform safely. (NOTE: All tasks assigned and carried out must be performed in accordance with all relevant internal Bank policies and external regulatory requirements.)

Skills

- An understanding of vulnerability identification or penetration testing processes and methodologies
- An understanding of software security principles, including both technical security and secure software design
- Experience in using penetration testing tools such as Burp Suite and Metasploit
- Experience in programming across a variety of platforms


Required Skills/Experience/Education:

  • Experience conducting penetration testing activities on networks, web applications, mobile applications, and API-based systems.
  • Proficient in at least two programming or scripting languages such as Java, C#/C++, Python, Perl, PowerShell, and PHP.
  • Knowledgeable in NIST and FedRAMP protocols.
  • Broad based IT background with a technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle.
  • Excellent communication skills, both written and verbal with strong presentation skills.
  • Ability to translate technical materials and issues into non-technical/layman terms.
  • Demonstrated skills in the entire Microsoft desktop suite (Word, Excel, PowerPoint, etc.).
  • Two or more relevant certifications: CISSP, CISA, CISM, OSCP, CEH, GCIH, GPEN, GWAPT, or equivalent.
  • Bachelor's or Master's degree in Information Technology, Computer Science or relevant discipline, or relevant work experience.


DUTIES:

  • The candidate will also have an understanding of how to apply the principles of information security in a variety of circumstances and be able to translate the NIST 800-53 guidelines into common technical implementations.
  • Perform or direct the following types of penetration testing: corporate network to cloud system (insider threat), external to cloud system (web application and network attacks), tenant to tenant, spear-phishing e-mail campaigns, physical attack vectors when applicable for data center locations, privilege escalation (web application and network attacks), and mobile application vulnerability discovery.
  • The ideal candidate will participate in proposal development for commercial penetration testing opportunities.
  • Analyze, disassemble, and reverse engineer code to discern weaknesses for exploitation.
  • Develop penetration testing reports that are compliant with FedRAMP and DoD requirements.
  • Provide expertise and assist in the assessment of FedRAMP security controls when not engaged on penetration testing activities.
  • Provide review and analysis of vulnerability scan results from tools such as Nessus, Nexpose, Retina, SAINT, Qualys, AppDetective, SecureSphere, WebInspect, IBM AppScan, Burp Suite, etc.
  • Provide training on vulnerability scanning tools to other team members.
  • Team player; able to work well with others in a collaborative manner, and a self-starter who can work with minimum supervision.
  • Travel up to 50% of the time.


This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization. 142758BR 142758

Raytheon
Info:

Salary:

$80 - $100k

Posted on:

September 2, 2019
