Sr. Penetration Tester

FWG Solutions is a rapidly growing systems integrator and premier small business provider of technology services to government and commercial clients. We are a trusted provider of cybersecurity, logistics, advanced engineering and operational support services to the United States Department of Defense (DoD), Intelligence Community and Federal Civilian agencies. We are a quality driven organization that leverages its ISO 20000-1:2011, ISO 27001:2013 and CMMI Level 2 quality standards, certifications and service delivery expertise to support all of our clients.Our client’s program supports our federal customer who plays a key role in providing direct cybersecurity engineering support. This program provides systems and security engineering and integration support to specific Government-sponsored projects, pilots, and prototypes. This includes solution planning and engineering, defining security requirements, target architecture, interoperability and integration, system testing, Verification and Validation, Modeling and Simulation, studies and analysis, post-deployment security validation (PDSV), and project risk management. As part of this team, you will contribute to the engineering of current and emerging cybersecurity systems, policies, and processes to enforce standards and identify vulnerabilities and capability gaps, and reduce the cybersecurity risk of our customer networks. The ST&E team is expected to have the knowledge and extensive experience in networking, systems management, programming, and tool development, the UNIX (different variants) operating system, the Microsoft Windows (different variants) operating system, security analyst tools and techniques, and system design and architecture is necessary to identify required modifications, determine innovative solutions, and to recommend sound security measures.**This position is eligible for maximum telework (>50%) for applicants residing in the National Capital Region (DC, MD, VA).****This position’s office location can be either Sterling, VA, or Rockville, MD.**Required Education, Experience, & Skills Minimum of 5 years of experience in penetration testing, including experience with the MITRE ATT&CK Framework. Extensive experience with OWASP – OWASP Top Ten, OWASP Application Security Verification Standard (ASVS), and OWASP Web Security Testing Guide (WSTG). Demonstrated ability to identify and exploit vulnerabilities using the MITRE ATT&CK Framework. Strong knowledge of Linux-based systems and Windows operating systems, including Active Directory. Proficiency on the command line and extensive knowledge of the operating system you are assessing. Familiarity with various network security tools and techniques, such as vulnerability scanners, port scanners, and network sniffers. Perform penetration tests and vulnerability assessments on AWS's infrastructure, applications, and services hosted in the cloud. Create customized attack scenarios and exploits to evaluate the efficacy of Amazon security safeguards. Detect and assess possible dangers and channels of attack unique to AWS settings. Work with customers to discover and resolve AWS-based application and service vulnerabilities and weaknesses. Build and maintain AWS cloud penetration testing scripts, tools, and procedures. Two years of experience performing source code analysis. Experience using Checkmarx for source code analysis. Experience conducting Infrastructure as Code (IaS) analysis Experience in Red Team (preferable) or Blue Team penetration testing. Candidate should be willing to mentor.Preferred Education, Experience, & SkillsDeep understanding of the methodology associated with penetration testing, such as creating Rules of Behavior, selection of pen testing team, and having a developed tool kit.Cloud experience is a plus! (AWS or Azure)Proficiency in one or more programming/scripting language(s).ANY OF THE BELOW CREDENTIALS ARE A PLUS!·                     Licensed Penetration Tester (LPT) Master·                     Offensive Security Certified Professional (OSCP)·                     Certified Ethical Hacker (CEH)·                     IACRB Certified Expert Penetration Tester (CEPT)·                     IACRB Certified Expert Penetration Tester (CPT)·                     Certified Red Team Operations Professional (CRTOP)·                     CompTIA’s PenTest+·                     GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); and/or·                     GIAC Penetration Tester (GPEN)·                     Hack The Box (HTB) Certified Penetration Testing Specialist (CPTS)·                     Burp Suite Certified Practitioner (BSCP) This opportunity offers career development and growth, competitive compensation, and a robust benefits package with 4 Weeks PTO w/ rollover, 11 paid holidays, company paid events and training, and 401(k) retirement plan with company match. FWG holds multiple government contracting vehicles as a Prime Contractor to include: 8(a) Set-Aside; STARS III; GSA IT-70; Army ITES-3S; and CIO-SP3. FWG Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex/gender, pregnancy, religion, age, marital status, sexual orientation, military/veteran status, disability, genetic information/history or any other personal characteristic protected by law. FWG welcomes all individuals with disabilities and protected veterans to apply for our jobs.If you require accessibility assistance for this open position, please contact the Human Resources Department at [email protected]. VEVRAA Federal Contractor, Equal Opportunity Employer (EOE)/AA Minority/Female/Veteran/Disabled/LGBTQ are encouraged to apply.