Paragon Technology Group

  • IT Security Specialist Senior - Penetration Tester

    Job Location US-MD-Lanham
    ID
    2018-1690
  • Overview

    Paragon Technology Group, Inc. is a leading provider of strategic technology solutions to the public sector. Founded in 1997, Paragon has been recognized as one of the top 50 fastest growing companies in the Washington, D.C., Metro area. Paragon delivers an extensive suite of IT services across the public sector and is renowned for delivering technical excellence in every client engagement.

    Responsibilities

    • Support certification tasks for various IT systems / projects.
    • Experience conducting planning and executing Penetration Testing and Source Code Analysis required.
    • Perform tasks focused on the development of security test plans, conduct security testing, analyze test results, and develop risk assessment reports that document vulnerabilities, threats, impacts, and recommended mitigations.. 
    • Review security test plans and procedures for accuracy and execute test procedures to validate systems compliance with DOT security requirements. 
    • Work with a certification team, with data owners and systems administrators to gain in-depth knowledge of complex networks to ensure Certification and Accreditation (C&A) documentation accurately depicts the environment.

    Qualifications

    • 7 years of information management or integrated systems experience including a minimum of two (2) years of specialized experience in the Information/Network Security Systems field with an emphasis on Penetration Testing and Source Code Analysis.  
    • BS degree in Computer Science, Information Systems, Engineering, or related field required.
    • Prior Blue or Red Team Leadership using and applying collaborative testing methodologies to centralize testing activities, assign testing tasks and monitor the work of the team. 

    • Research and analytic skills with an emphasis on “zero day” discovery, modern fuzzing techniques, fuzzing frameworks, testing instrumentation and automation.

    • A strong development background and the ability to familiarize with new languages rapidly.

    • A demonstrated history of developing custom tools and attack scripts.

    • Remote triage, debugging and analysis.

    • Experience using appropriate penetration testing tools, examples in NIST 800-115: Kali, Linux Kernel, Solaris, RHEL, Java (JBOSS), .Net, Active Directory, ipv4, ipv6 and routing protocols.

    • Penetration Testing (skills and methodology), Application Security Testing, and Vulnerability Testing.

    • 5+ years of experience with operating, or testing Microsoft Windows, Solaris, and Linux (Redhat/Ubuntu) operating systems. 

    • 5+ years of experience with Assessment and Security Technologies: Nessus, IP360, Retina, , AppScan,

    • 2+ years of experience with Information Systems Security Engineering.

    • 2+ years of experience with Certification and Accreditation (C&A) activities.

    • Experience using vulnerability scanning tools (e.g., Tripwire IP360, Guardium, AppScan Enterprise, AppScan Source)

     

    Mandatory Requirements:

     

    - Ability to obtain IRS Security Clearance. Must be a US Citizen. 

    - CEH, OSCP or similar certification

    - CPT, LPT, GPEN or similar certification

    - CISSP or similar certification

     

     Additional Qualifications:

    •  Experience with DIACAP, RMF, and C&A processes.
    • Familiarity with National Institute of Standards and Practices (NIST) publications to include NIST SP 800-53.
    • Specialized experience in preparing and maintaining accreditation documentation; IA Control implementation and validation.
    • Experience with networking devices, including routers, firewalls, and switches.
    • Knowledge of the security relevant capabilities of a common server, desktop, and network technologies for Oracle and SQL databases and Microsoft Windows, Solaris, and Linux platforms.
    • Ability to research and document the latest vulnerabilities, threats, and potential risks applicable to specific IT systems.
    • Ability to provide the IA status and facilitate meetings.
    • Ability to document findings encountered during security testing and provide possible mitigation to the findings.
    • Possession of excellent analytical skills.
    • Possession of excellent oral and written communication skills

    Paragon is an Equal Opportunity Employer and does not discriminate in employment opportunities or practices on the basis of: race, color, religion, gender, national origin, age, sexual orientation, gender identity, disability, veteran status, or any other characteristic protected by country, regional, or local law.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed