DescriptionSAIC has an opening for a Associate Penetration Tester. The Associate Penetration Tester will be focused on performing internal and external network penetration tests of servers, infrastructure components and networks. The selected hire will also participate in enterprise penetration testing engagements. The selected hire will be expected to continuously develop their offensive security skills, knowledge, and capabilities as well as contribute toward the advancement and maturity of the team’s offensive security services.This position is 100% remote nationwide.Job Duties:
Conduct network and system penetration testing.
Perform full-scope internal penetration tests (discovery, evasion, privilege escalation, execution/exploitation, credential access, lateral movement, & action on objectives) in a controlled/safe manner on live network infrastructure services, Active Directory environments and other systems/applications.
Interface and coordinate with System Owners to establish the scope for testing, test schedule, test goals, and rules of engagement.
Perform documentation review and provide improvement recommendations.
Communicate and escalate issues and alerts as required by process or management.
Additional responsibilities including the support of various Enterprise Security Operations Center activities.
Keys for Success:
Operate professionally always guided by SAIC's core values: passion, empowerment, integrity, inclusion, and innovation.
Ability to effectively prioritize and effectively execute multiple assigned tasks.
Attention to details in the execution of all tasks and in documentation.
Curiosity and love to solve problems and puzzles; analytically rigorous; uncompromising integrity.
Self-starter with ability work with minimal supervision, as well as optimally work on teams with individuals with a variety of skills and backgrounds.
Flexibility, persistence, resilience and determination.
Passion for life-long-learning and skills development.
QualificationsRequired Education and Experience:
Bachelors and two (2) years or more of IT/Cyber experience, Masters and zero (0) years of related IT/cyber experience. Experience may be accepted in lieu of a degree.
Must be a US Citizen with the ability to obtain a Public Trust clearance after hire.
Must possess the following certifications: Security+ or CySA+ AND Certified Ethical Hacker (CEH), eJPT, or PenTest+ certifications.
One (1) or more years of experience in a full-time offensive security role.
One (1) or more years of experience with offensive tool sets including Kali Linux, Metasploit, Burp, ZAP interception proxies, NMAP, etc
One (1) or more years of experience with vulnerability scanning tools such as Tenable Security Center/Nessus.
Ability to conduct penetration tests on applications, systems and network utilizing proven/formal processes and industry standards.
Ability to test, identify and exploit trust, misconfigurations, and vulnerabilities in live Microsoft Active Directory environments without being detected by advanced commercial security solutions.
Proven ability to Work proficiently from the Windows and UNIX/Linux command line (e.g., Bash and PowerShell).
Hands-on experience conducting cloud asset penetration testing.
Proven ability to research and formulate recommendations for vulnerabilities found during assessments.
Proven ability to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and system flaws.
Proven ability to test, identify and exploit trust, misconfigurations, and vulnerabilities in live Microsoft Active Directory environments.
Knowledge of security architectures and devices.
Knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
Can-do attitude.
Self-motivated and quick learner with the ability to work independently or with minimal guidance.
Excellent communication skills both verbal and written.
Must have experience managing multiple projects and quickly and effectively adjusting to shifting priorities and resolving issues.
Desired Qualifications :
Possess any combination of the following certifications: GPEN, GWAPT, OSCP, or additional relevant certifications.
Two (2) or more years of hands-on experience as a member of an internal penetration testing team or for a penetration testing firm.
One (1) or more years of hands-on experience performing Web Application Penetration Testing.
One (1) or more years of hands-on cloud penetration testing experience.
One (1) or more years of experience in a Red Team Operator, SOC Analyst, Incident Response Analyst, or System Administrator role.
One (1) or more years of experience using at least one of the following scripting languages: PowerShell, Bash, Python, Ruby.
Hands-on experience creating reports and/or documenting processes and procedures.
SAIC accepts applications on an ongoing basis and there is no deadline.Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
REQNUMBER: 2407246SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability