OBXtek is seeking an experienced Penetration Tester / Security Control Assessor to support the Department of State Consular Affairs (CA) Bureau.
OBXtek provides CA support for advanced penetration testing and for static (manual and automated) and dynamic code reviews, ensuring that the production environment is securely configured and operational.
Design penetration test exercises that test the overall strength of a system's defenses (technology, processes, and people), as defined in the SSP, by simulating the objectives and actions of an attacker.
Once the penetration test is completed, the pen-tester analyzes findings, creates actionable findings reports, assists stakeholders in understanding and remediating findings, and documents processes.
Working with the following:
- Using appropriate penetration testing tools (e.g., Nessus Pro, Tenable.sc, Kali Linux, Burp Suite, and examples in NIST 800-115)
- Penetration Testing (skills and methodology)
- Application Security Testing
- Operating systems (Linux, Windows, Android, iOS)
- Vulnerability Scanning
- Application servers
- Web servers (IIS, Tomcat, and Apache)
- Database management systems (Oracle, SQL Server, MySQL)
- Programming and scripting languages as needed
- Source Code Security Analysis
- Reverse engineering
- Exploit development
- Network devices (firewalls, routers, switches)
- Network protocols
- Social Engineering
- Network Sniffing
- Password Cracking and Compliance Testing
- Computer Forensic fundamentals
- Network Discovery
- Remote Access Testing
- Network Port and Service Identification
- Application build process & tools