Skip to main content

Lead Penetration Tester

Apply Now
Businesses Raytheon Intelligence & Space Clearance type Top Secret - Current Relocation eligible No Ability to Telecommute No telecommuting Job ID 178787BR Most Recent Date Posted 09/15/2021 City Greenbelt State MD Country United States
Raytheon Intelligence & Space (RIS) – Cybersecurity, Training & Services (CTS) is seeking a cleared Lead Penetration Testerto direct a team in fulfilling a U.S. Federal Agency’s mission to ensure security measures and safeguards are in place to thwart threat attacks and prevent unauthorized access.

* An active TS security clearance is required.

Work Location: Beltsville MD

Job Description:
Leads and conducts network or software vulnerability assessments and Red Team penetration testing utilizing reverse engineering techniques. Perform vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Leverage the MITRE ATT&CK framework to develop threat models and methodologies in building operational engagement plans. Create test cases each individual TTP found in ATT&CK as well as custom and more advanced variants to assess the organization’s coverage across a spectrum of intrusion sets and scenarios. Develop and use malware, pivoting, escalating privileges to test the organization’s security effectiveness

Job Responsibilities:

Shall perform specific activities that include, but not limited to the following:
  • Develop and maintain a multi-year schedule with resourcing for penetration testing activities
  • Plan, communicate, coordinate and perform penetration tests and security assessments at application, system and enterprise levels.
  • Interface and coordinate with third party organizations performing penetration testing
  • Interface and coordinate with system owners to establish targets for testing, test schedule, test goals, and rules of engagement
  • Devises plans and scenarios for various types of penetration tests and automate the simulation of tactics, techniques, and procedures used by advanced cyber threat actors
  • Lead and conduct penetration test in accordance with NSA INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM)
  • Manage and perform reconnaissance, threat modeling, vulnerability identification, authorized exploitation, and post-exploitation cleanup activities
  • Ensure penetration testing reports includes targets, test plan, scenarios tested, findings, test evidence and recommendations in penetration test report and presents results to customer leadership
  • Conduct management briefings on penetration testing program, metrics, schedule, activities, performance and vulnerability findings
  • Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
  • Manage and support the development of penetration testing SOPs.
  • Performs off-hours work as necessary.
  • Occasionally travel within CONUS and OCONUS.

Required Skills:

  • Skilled in managing diverse workforce, resource assignment, scheduling, metrics and process development
  • Ability to assess information of network threats such as scans, computer viruses or complex attacks
  • Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
  • Contribute to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk
  • Experienced with penetration testing using standard penetration tools (Metasploit, Nmap, Nessus, Burp Suite, etc.)
  • Experience with SIEMS (such as NetWitness, Splunk, SumoLogic, QRadar)
  • Experience with packet analysis to include: HTTP Headers & Status codes, SMTP Traffic & Status codes, FTP Traffic & Status Codes
  • Knowledge of and practical experience of integration of COTS or open source tools
  • Excellent written and verbal communication skills
  • Proficiency with MS Office Applications
  • Must be able to work collaboratively across teams and physical locations
  • Working knowledge of WAN/LAN concepts and technologies
  • Knowledge of the following:
    • Operating System Hardening
    • Vulnerability Assessment testing
    • Identification and Authentication schemes
    • Public Key Infrastructure and Identity Management
    • WAN/LAN, firewalls, routers and security appliances
    • Cross Domain Solutions
    • Reverse Engineering
    • Security engineering
    • Cloud and hybrid Cloud environment
    • Mobile technologies

Required Certifications:

OSCP/E or equivalent

Desired Certifications:

DODI 8570.1-M Compliance at IAT Level II; CISSP preferred

Required Education:

*Bachelor of Science Degree in Cyber Security, Computer Science, Computer Engineering or related field and candidates must have a minimum of 8+ years of relevant work experience. Equivalent education and experience may be considered.

Due to a customer requirement, as a condition of employment for this position, the successful candidate will be required to obtain and provide proof of COVID-19 vaccination prior to commencing employment or submit to regular COVID testing.

Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
Apply Now

Your Saved Jobs

You have not saved any jobs.

Recently Viewed Jobs

You have no recently viewed jobs.

Sign Up for Job Alerts

Get the latest career opportunities as soon as they become available.

Interested InSearch for a category and select one from the list of suggestions. Search for a location and select one from the list of suggestions. Finally, click “Add” to create your job alert.

  • Computer Engineering, Greenbelt, Maryland, United StatesRemove
  • Computer Science, Greenbelt, Maryland, United StatesRemove
  • Cyber, Greenbelt, Maryland, United StatesRemove
  • Security, Greenbelt, Maryland, United StatesRemove
  • Systems Engineering, Greenbelt, Maryland, United StatesRemove
  • Technical, Greenbelt, Maryland, United StatesRemove
  • Engineering, Greenbelt, Maryland, United StatesRemove
  • All, Greenbelt, Maryland, United StatesRemove
  • SAS Information Security Analyst, Greenbelt, Maryland, United StatesRemove