Job Description:
Sr. Penetration Tester Team Lead (H1 TRANSFERS ALSO ACCEPTED ONLY ON W2)
City: Alexandria, Virginia, United States
Employment Type: Contract
Visa: Any
Duration: Long-term

ROLES AND RESPONSIBILITIES

Plan, coordinate, manage and assess network security using automated and manual penetration techniques to identify security vulnerabilities for both internal and external CGI clients.
Exploit vulnerabilities and identify and document risks to networks and systems or applications.
Compromise Active Directory environments and demonstrate business impact by identifying and obtaining access to business-critical assets/information.
Perform social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns, web hosting administration, developing malicious phishing payloads, or pivoting through phished systems.
Lead our team in the development and testing of customised stealthy penetration testing or adversary simulation engagements using commercially / freely available offensive security tools and utilities built into operating systems in support of red team engagements.
Create assessment reports that document vulnerabilities, identify causes, and propose remediation strategies.
Participate in management, maintenance and deployment of penetration testing tools and technologies.
Participate actively in client discussions and meetings, imparting knowledge and training regarding security vulnerabilities.
Create a positive environment by monitoring workloads of the team while meeting client expectations and respecting the work-life quality of team members.
Proactively seek guidance, clarification, and feedback.
Keep leadership informed.
Provide consultative client-facing guidance and advice to customers of CGI regarding vulnerability remediation including recommending workarounds or risk mitigation strategies and approaches.
Maintain industry certifications specific to penetration testing.
- At least 7 years of hands-on experience in performing external and internal penetration tests using security testing tools, such as BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect, or other tools.
- Serves as the technical lead on penetration testing efforts
- Knowledge of common programming and scripting languages, such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript.
- Ability to create custom scripts as needed for penetration testing
- Proficiency with red teaming tests in the performance of penetration testing
- Proficiency in mobile application penetration testing; thorough understanding of Windows and Linux based operating systems, networking (TCP/IP, ports, Active Directory, DNS, and DHCP), switch / router configuration, and security; proficiency with at least two scripting languages (e.g. Python, Bash, JavaScript, PowerShell)
- Ability to write custom exploit code
- Code review experience to identify security vulnerabilities
- An understanding of cloud computing models, technologies and concepts
- Understanding of FISMA, PCI, and Federal Risk and Authorization Management Program (FedRAMP) programs and penetration testing requirements associated with them
- Advanced written and verbal communication skills, strong analytical and interpersonal characteristics, and ability to work both independently and collaboratively.

Certification Requirement(s): GPEN or OSCP, and/or GWAPT or LPT

Skills
Security Audit
Security Assessment
Cyber
Security, Identity, Access Mgmt
Cyber Security Consulting