SITEC - Pentester - MacDill AFB

Peraton requires Pentesters to support the Special Operation Command Information Technology Enterprise Contract (SITEC) – 3 EOM.  This position is located at MacDill AFB in Florida.

The purpose of the Special Operations Forces Information Technology Enterprise Contract (SITEC) 3 Enterprise Operations and Maintenance (EOM) Task Order (TO) is to provide USSOCOM, its Component Commands, its Theater Special Operations Commands (TSOCs), and its deployed forces with Operations and Maintenance (O&M) services to maintain Network Operations (NetOps); maintain systems and network infrastructure; provide end user and common device support; provide configuration, change, license, and asset management; conduct training, and perform Install, Move, Add, Change (IMACs) services. The responsibilities and tasks associated with each requirement play a pivotal role to USSOCOM, the CIO/J6 organization, and ultimately the end-user who operate around the globe 24x7x365.

• Operates a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
• Develops and maintains security testing plans
• Automates penetration and other security testing on networks, systems and applications
• Develops meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
• Produces actionable, threat-based, reports on security testing results
• Acts as a source of direction, training, and guidance for less experienced staff
• Mentors and coaches other IT security staff to provide guidance and expertise in their growth
• Consults with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
• Communicates security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
• Delivers the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests
• Fosters and maintains relationships with key stakeholders and business partners
• Uses various tools such as Remedy, Splunk, and Office Automation to perform duties
• Produces and distributes DCO Activity Reports – Daily, Weekly, Monthly, Annual reports on DCO performance
• Some positions may require working a non-traditional work schedule to support the needs of the customer.

Qualifications:

• Min 12 years with HS degree, 10 years with AS/AA degree, 8 years with BS/BA, 6 years with MS/MA, 3 years with PhD
• A DoD TS/SCI clearance is required
• DoDD 8570.01-M IAT II, AND
• CSSP Analyst OR CSSP Incident Responder

Desired Qualifications:

• In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
• Hands on experience with testing frameworks such as the PTES and OWASP
• Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud