Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Security Assessment Team Tester - Enterprise Services Microsites

advertisement 
Security Assessment Team Tester (Active TS required) – Washington, DC
HP Enterprise Services is seeking an experienced security professional generalist looking for an exciting
opportunity in Washington, DC serving on a Security Assessment Team as a tester. The candidate will be
comfortable researching and understanding a wide-variety of existing and emerging technology, have the
ability to participate in the aggressive testing schedule of the Security Assessment Team (SAT) and
appropriately contribute to the daily workload of a highly skilled and diverse group of security assessment
testers.
Clearance:
Active Top Secret and be amenable to a Counterintelligence SCI clearance (POLY) administered by the
FBI within 3 months of start date
Qualifications:
One of the following two certifications is required:


Certified Information Security Professionals (CISSP)
SANS GIAC Certified Incident Handler (GCIH)
--and-One of the following two certifications is required:


SAT members responsible for leading the assessment of web applications shall possess GWAPT
or equivalent certification.
SAT members responsible for leading penetration testing engagements shall possess the GPEN
or OSCP certification.
Job Description:
The candidate selected must have recent in-depth experience in the following:





Penetration testing of corporate and/or government networks and infrastructure
Automated & manual testing of information systems
Have experience with multiple open source and commercial testing tools. A non-comprehensive
list includes but is not limited to Nessus, App Detective, Metasploit, Burp Suite, and nmap.
o Note: Candidates will be asked to demonstrate usage of testing tools in a hands-on
interview environment
Vulnerability assessments
Test plan development, execution and reporting
The ideal candidate must have an expert understanding of at least one of the following
technologies and their security vulnerabilities:

Web applications and technologies: advanced understanding of application programming
languages, application servers, web services, and web browsers. Candidate should also
understand the vulnerabilities related to these technologies, as well as security best practices
when using them. Candidate should also be able to use automated assessment tools and manual
testing techniques to assess these applications. Familiarity with OWASP testing methodology is
also required.


Networking technologies: expert proficiency with various networking skills and technologies,
including (but not limited to) Cisco hardware and IOS, firewalls, IDS and IPSs, packet analysis,
and high level network architecture fundamentals.
Enterprise solutions, storage and databases: advanced understanding of relational
databases, database management systems, enterprise storage solutions, and security concerns
specific to these technologies.

Cross domain solutions and trusted operating systems: advanced experience with a range
of Cross Domain Solutions, or CDSs, and advanced understanding of the unique security
requirements of CDSs and trusted OSs such as trusted Solaris.

Virtualization technologies: advanced experience with VMware products and Microsoft
virtualization technologies.

Mainframes: advanced understanding of mainframe hardware and software, to include OSs.
Candidate should also understand mainframe security best practices.
The candidate should also be experienced with:







Source code review
Web application testing
Threat modeling/simulation
Social engineering
Networking background including experience with Cisco or Juniper firewalls, routers, and
switches.
SOC experience which may include IDS/Sourcefire, Wireshark, or Packet level forensics analysis
experience
Understanding of emerging technologies
The candidate should have a working-understanding of the following:






Have a broad knowledge of security methodologies, solutions and best practices.
Have a broad knowledge of the technical and non-technical tactics, techniques and procedures
used by adversaries to exploit information systems. Candidate should be able to conduct
advanced tests that simulate malicious users.
Advanced understanding of the strengths and weaknesses of security tools. Ability to select the
right tool for the job. Ability to configure and troubleshoot tools if necessary.
Be comfortable using, configuring, troubleshooting, and administrating both UNIX based and
Microsoft operating systems. Candidate should also have extensive systems engineering
experience with at least one of these OSs.
Have a solid understanding of the makeup and structure of the intelligence community,
Department of Justice and FBI. Candidate should understand the security policies of these
organizations, as well as security guidelines published by the National Institute of Standards
(800-53).
Have the ability to think critically and creatively. Capable of synthesizing and analyzing large
amounts of data related to complex systems. Ability to articulate thoughts and findings in a
concise and comprehensive manner. Candidate should also have a strong professional bearing.
Travel Requirements:
Travel: 40% within a 50-mile radius of Washington, DC
Examples of Software Used for Testing by the Customer:
Tool Name
AppDetective Pro
CORE Impact
GFI Languard
IBM Rational AppScan
Nessus
Security Expressions
HP WebInspect
Solarwinds Engineers Toolset
Amap
Cain
Hping2
Nbtscan
Netcat
Nmbscan
Paros
pwdump3e
THC-Hydra
UnicornScan
Xprobe2
Nipper
MySQL - Administrator
MBSA
DumpACL
DumpSec
Hyena
L0phtCrack
RegTools
Secedit
Use
Database Scanner
Penetration Testing
OS Vulnerability Scanning
Web Vulnerability Scanning
OS Vulnerability Scanning
Configuration/Policy scanner
Web Vulnerability Scanning
Networking
Application Mapper
Network Sniffer/Password Recovery
Network Traffic Utility
Netbios Scanner
Network Utility
Netbios Scanner
Web Proxy/Scanner
Password Extraction Utility
Brute Force Password Cracker
Stateless Scanner
OS Fingerprinting
Network Device Configuration Parser
Database Administration
Security Analyzer
Policy/Configuration Auditing
Policy/Configuration Auditing
Policy/Configuration Auditing
Password Cracker
Registry Enumeration
Security Editor Tool
Related documents
Microsoft Word - Teacher Ed. Observation Form.doc
Microsoft Word - Teacher Ed. Observation Form.doc
Collen Visiting Associate Reference Form
Collen Visiting Associate Reference Form
External Referee Forms - IUPUI Academic Affairs
External Referee Forms - IUPUI Academic Affairs
Feedback Tips for Associate Teachers
Feedback Tips for Associate Teachers
TEMPLATE A – INTERNAL ANALYSIS
TEMPLATE A – INTERNAL ANALYSIS
Commercial awareness – the interviewers perspective
Commercial awareness – the interviewers perspective
LEXICAL-GRAMMAR TEST №11
LEXICAL-GRAMMAR TEST №11
Downs Junior School Music Teacher
Downs Junior School Music Teacher
World Lit Papers: Format Issues
World Lit Papers: Format Issues
Nessus®
Nessus®
Download
advertisement