This is a remote position.
1. POSITION TITLE
Penetration Tester
2. REPORTS TO
Lead Security Assessor / Technical Manager
3. DELEGATION OF DUTIES DURING ABSENCE
Lead Security Assessor / Technical Manager
4. SUMMARY
5. RESPONSIBILITIES
- Develop, document and review System Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
- Have a working knowledge of the FedRAMP Penetration Testing Guidance and Requirements.
- Develop associated schedules and resource plans to complete the assessments.
- Perform quality control on the assessment and associated deliverables.
- Participate as an individual contributor for complex system assessments.
- Develop practical and risk-based approaches for security control implementation and vulnerability remediation.
- Work closely with ISSOs (contractors and Government) and the technical team and ensure all appropriate A&A supporting documentation is provided prior to conducting the assessment.
- Review and provide feedback on system boundaries, common controls, the security categorization of information systems, and the applicable security control baseline based on system categorization.
- Conduct/participate in Security Assessment Kickoff briefings and SAR briefings.
- Review cyber/system/network security body of evidence and documentation for accuracy and completeness.
- Conduct security controls assessment of applicable security controls and privacy controls; assess implemented security controls and provide assurance that they are operating as intended.
- Analyze security control findings for information systems and applications to convey weaknesses.
- Document security assessment results accurately; read, understand, and convey vulnerabilities found during the assessments.
- Create security assessment results and document recommendations in a SAR for remediations and security control measures.
- Perform audits of each system and provide an authorization recommendation based on determination of risk to the customer.
- Audits will include unprivileged and privileged scans against each applicable system.
- Audits will include unprivileged and privileged database scans against each applicable database management system (DBMS).
- Conduct Post Assessment Meetings with the customer.
- Provide Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vuln