Cloud Penetration Testing and Vulnerability Assessment Team Lead

Type of Requisition:

Regular

Clearance Level Must Currently Possess:

Secret

Clearance Level Must Be Able to Obtain:

Top Secret/SCI

Suitability:

No Suitability Required

Public Trust/Other Required:

Job Family:

Cyber Security

Job Description:

GDIT is looking to hire a Cloud Penetration Testing and Vulnerability Assessment Team Lead to support to a cabinet level federal agency. This person would be responsible for the development and continued operations of the Cloud Security Testing and Vulnerability Assessment team. The person in this role will be the technical lead for a small, but growing, team of Cyber Security professionals working with automated and manual TTP’s, various penetration testing tools. The lead will ensure the success of cloud assessments from beginning to end. This includes responsibility for meeting with systems owners, scoping assessments, development and delivery of assessment reports, briefing system owners and stake holders.

Must possess at least six (6) years of substantive IT knowledge including four (4) years of combined hands-on Penetration Testing and cloud security experience, and demonstrate hands-on expertise and/or training in areas of cloud and mobile technologies. Must have experience leading a team of penetration testers and/or cloud security analysts. Primarily, the focus of this position is on leading the security assessments of GOV-Cloud systems (Amazon AWS, Google Cloud, and Microsoft Azure and O365, among others), assessing the risks inherent in a cloud implementation, and how that impacts the traditional “on premises” existing architecture. Secondarily, the candidate should have hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, risk assessments, secure coding practices or threat modeling. The ability to mentor and train the other team members in these technologies is a key duty of a Team Lead. Be a self-starter with, keen analytical skills, curiosity, agility, and adaptability. The ability to work quickly, willingness to work on ad hoc assignments, strong written and verbal communication skills, and recognizing the importance of being a team player.

In addition the candidate must possess the following skill set:

• Able to lead Cloud Vulnerability Assessments using Automated and Manual TTPs.
• Have a strong understanding of Application vulnerabilities and attacks like SQLi, Serialization Attacks, XSS, CSRF, and HTTP Flooding.
• Strong understanding of Cloud offerings and technologies such as GCP, Azure, AWS,365, IaaS, SaaS, PaaS
• Strong understanding of Identity, Credential, and Access Management (ICAM) technologies and providers
• Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
• Must have solid working experience and knowledge of Windows and Unix/Linux operating system
• A demonstrated ability to mentor and train junior team members
• A familiarity of Network and System architecture analysis. Fundamentals of network routing & switching and assessing network device configurations
• Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
• Strong familiarity with OWASP top 10, PTES and NIST 800-53.
• The ability to perform static and/or dynamic code review is desired, but not required.

Other responsibilities will include:

• Provides direct supervisory guidance to senior and mid-level team members.
• Oversees and approves technical requirements of systems supporting Red Cell Cloud operations.
• Ensures cloud team members are qualified and capable of supporting the Red Cell mission. • Manage cloud assessment operations and administrative tasks
• Assess and enhance current processes for the testing of cloud implementations and vulnerability assessments of those implementations.
• Recommend mitigation and remediation strategies based upon the class and category of vulnerability
• Develop all processes, policies and operational procedures
• Briefs executive summary and findings to stakeholders to include Sr. Leadership
• Researches and maintains proficiency in offensive tools, techniques, countermeasures, and trends in computer network and cloud vulnerabilities, data hiding and network security and encryption.
• Provide support to incident response teams through capability enhancement and reporting.
• Provide mentoring and guidance to junior, mid, and senior staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis

Scheduled Weekly Hours:

40

Travel Required:

None

Telecommuting Options:

Telecommuting Not Allowed

Work Location:

USA VA Rosslyn

Additional Work Locations:

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.