- 7 years of information management or integrated systems experience including a minimum of two (2) years of specialized experience in the Information/Network Security Systems field with an emphasis on Penetration Testing and Source Code Analysis.
- BS degree in Computer Science, Information Systems, Engineering, or related field required.
- Prior Blue or Red Team Leadership using and applying collaborative testing methodologies to centralize testing activities, assign testing tasks and monitor the work of the team.
- Research and analytic skills with an emphasis on “zero day” discovery, modern fuzzing techniques, fuzzing frameworks, testing instrumentation and automation.
- A strong development background and the ability to become familiar with new languages rapidly.
- A demonstrated history of developing custom tools and attack scripts.
- Remote triage, debugging and analysis.
- Experience using appropriate penetration testing tools, examples in NIST 800-115: Kali, Linux Kernel, Solaris, RHEL, Java (JBOSS), .Net, Active Directory, IPv4, IPv6 and routing protocols.
- Penetration Testing (skills and methodology), Application Security Testing, and Vulnerability Testing.
- 5+ years of experience with operating or testing Microsoft Windows, Solaris, and Linux (Red Hat/Ubuntu) operating systems.
- 5+ years of experience with Assessment and Security Technologies: Nessus, IP360, Retina, AppScan.
- 2+ years of experience with Information Systems Security Engineering.
- 2+ years of experience with Certification and Accreditation (C&A) activities.
- Experience using vulnerability scanning tools (e.g., Tripwire IP360, Guardium, AppScan Enterprise, AppScan Source).
- Ability to obtain IRS Security Clearance. Must be a US Citizen.
- CEH, OSCP or similar certification
- CPT, LPT, GPEN or similar certification
- CISSP or similar certification
- Experience with DIACAP, RMF, and C&A processes.
- Familiarity with National Institute of Standards and Practices (NIST) publications to include NIST SP 800-53.
- Specialized experience in preparing and maintaining accreditation documentation; IA Control implementation and validation.
- Experience with networking devices, including routers, firewalls, and switches.
- Knowledge of the security-relevant capabilities of common server, desktop, and network technologies for Oracle and SQL databases and Microsoft Windows, Solaris, and Linux platforms.
- Ability to research and document the latest vulnerabilities, threats, and potential risks applicable to specific IT systems.
- Ability to provide the IA status and facilitate meetings.
- Ability to document findings encountered during security testing and provide possible mitigation to the findings.
- Possession of excellent analytical skills.
- Possession of excellent oral and written communication skills.
Paragon is an Equal Opportunity Employer and does not discriminate in employment opportunities or practices on the basis of: race, color, religion, gender, national origin, age, sexual orientation, gender identity, disability, veteran status, or any other characteristic protected by country, regional, or local law.