Department of Homeland Security (DHS), Security Operations Center (SOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication.
The DHS SOC Support Service Program has a critical need for a Penetration Tester. This is a full time funded position based in Washington DC.
The DHS ESOC is responsible for pen testing resources and support for public facing sites as well as high value assets within the department. The Pen Tester will establish a pen testing program for use throughout DHS, Completes hands on pen testing capabilities, Communicates recommended solutions for addressing findings from a pen testThis is a big growth area for us and our customer over the next several years and so this role is also very strategic. This position location is located at Elizabeth's USCG Headquarters in Washington, DC.
Bachelors' degree from an accredited college in a related discipline, or equivalent experience/combined education, with 8 to 12 years of professional experience; or 6 to 10 years of professional experience with a Masters' degree.
Must have a Secret Clearance with the ability to get TS/SCI. In addition to specific security clearance requirements all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
5 years in Pen Testing and Vulnerability Assessment
7 years of professional experience in incident detection and response, malware analysis, or cyber forensics.
Experience with any three of the seven tools listed below:• Kali Linux• Metaspoilt• Burp suite• Cobalt Strike• Tenable Nessus• Web Inspect• Scuba• Appdetective
Must have one of the following Certifications:
SANS, GPEN, GWAPT, GISF, GXPN, OSCP, OSCE, OSWP, OSEE, CISSP
Understanding of Cyber Kill Chain & Intelligence Defense.