Penetration Testing Consultant - Work Remotely

About Leidos

Leidos is a global science and technology solutions leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin’s Information Systems & Global Solutions business (IS&GS). For more information, visit http://cyber.leidos.com.

Job Description:

The selected candidate will be executing penetration testing assessments across a variety of large commercial organizations. This individual should be a motivated self-starter and have a strong foundation and understanding in Information Technology and security vulnerabilities as well as be familiar with threat modeling and attack scenarios. The scope of this role includes the ability to perform security penetration testing for large enterprises and their various environments, simulate real world cyber attack scenarios, as well as knowledge on how to successfully conduct a security red team exercise. The candidate must be able to provide actionable recommendations and guidance for clients based on the assessment findings. This candidate should have excellent communication skills, both written and oral, be willing to learn and execute on any client requests, and have the ability to interact with customer staff in structured and unstructured situations.

Basic Qualifications:

Self-Starter with ability to spin up quickly on technologies, issues, topics, and advances in the cyber security field
“Can do” attitude willing to take on challenging opportunities and delivery with excellence for all customer projects and programs
Minimum of 5 years professional experience in the Information Technology/Information Security industry
Minimum of 2 years professional experience IT-related penetration testing activities
Minimum of 2 years consulting experience
Experience with multiple Information Security domains: Cyber Intelligence Analysis, Threat Monitoring, Incident Response, Malware Analysis, Computer Forensics, Cyber Architecture, Endpoint Protection, Network Security, Infrastructure Security, Application Security, Platform Security, Identity & Access Management, Policy & Governance, Cloud Security, End User Education & Awareness, Penetration Testing, Vulnerability Scanning & Management, and Compliance & Risk Management
Experience with execution of a variety of penetration testing assessments and vulnerability assessments to include network penetration testing, web application penetration testing, mobile device penetration testing, IoT testing as well as physical and social engineering exercises.
Knowledge of the cyber threat landscape to include Advanced Persistent Threats, Cyber Crime, Hacktivism; specifically, the tactics, techniques and procedures they apply to a cyber-threat attack.
Knowledge and understanding of attack method types and their usage in targeted attacks such as phishing, malware implantation, perimeter vulnerabilities, application vulnerabilities, lateral movement, etc.
Strong skills in various operating systems and enterprise platforms to include: Windows, Linux/Unix, Mac OS, iOS, Android, Active Directory, .Net framework, Oracle business products, SAP, etc.
Experience developing vulnerability reports with detailed finding descriptions, test case reproduction steps, and prioritized recommendations.
Experience presenting the results of penetration tests to client stakeholders to include senior or executive leadership
Knowledge of Large Fortune 500 organizations security programs and their related functions to include the SOC function, vulnerability assessment, penetration testing, security policy and procedure, security infrastructure management, network and host based defense, security engineering, etc.
Prior experience working with the Kill Chain, Diamond Model of Intrusion, and similar frameworks and concepts.
Strong technical skills with the ability to adapt to new technologies and security controls on the fly.
Cyber security certifications such as CISSP, CEH, GCIA, OSCP & OSCE
Experience with penetration testing processes, tools, and technologies and extensive knowledge of best practices regarding their implementation
Strong interpersonal, verbal, and written communication skills to successfully accomplish client-facing interactions
Position requires extensive (50% – 75%) travel within the United States, with the potential for international travel

Typical Minimums:

Bachelor’s degree from an accredited college in a related discipline, or equivalent experience/combined education, with 5 years of professional experience; or 3 years of professional experience with a related Master’s degree.

Desired Skills:

Prior experience working on a security Red Team or other technical security assessment team.
Prior experience leading a successful penetration testing engagement for a large organization.
Prior experience working in a technical role such as network administration, coding or engineering.
Prior experience conducting social engineering and client-side attacks.
Knowledge of industry research and best practices in penetration testing and red teaming.
Strong Kali Linux platform knowledge and skill working with standard penetration testing tools for discovery, vulnerability analysis, exploitation, post exploitation and social engineering.
Prior experience in presenting results to clientele leadership in person or remote.

The company’s diverse employees support vital missions for government and commercial customers. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status.