Jacobs Mid-Level (MDS) Penetration Tester IRES - SSFB in Colorado Springs, Colorado
Challenging Today. Reinventing Tomorrow.
We're invested in you and your success. Everything we do is more than just a project. It's our challenge as human beings, too. That's why we bring a thoughtful and collaborative approach to every one of our partnerships.
At Jacobs, we challenge the status quo and redefine how to solve the world's greatest challenges, transforming big ideas into intelligent solutions for a more connected, sustainable world.
Design your career with a company that inspires and empowers you to deliver your best work so you can evolve, grow and succeed – today and into tomorrow.
The government client requires all employees to be fully vaccinated against COVID-19 for any/all positions that will require travel.
Full vaccination (against COVID-19) is defined as: an individual must be either two weeks past the last shot of a two-shot vaccination sequence, or two weeks past the only shot of a one-shot vaccination sequence.
Description of Duties:
The Mid-Level (MDS) Penetration Tester supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will:
Perform penetration and intrusion assessments across enterprise networks and maintain situational awareness of enterprise-wide cyber security.
Actively scan, analyze, and test for security vulnerabilities across multiple technologies, including systems, networks, and hosts.
Conduct manual vulnerability analysis and penetration testing against network infrastructure and applications.
Conduct assessment tasks that include vulnerability scanning, vulnerability verification, and application scanning using approved testing methodology.
Perform pre-assessment research including reconnaissance, documentation, and target analysis.
Perform passive and active discovery, enumeration, fingerprinting, and mapping of target hosts.
Provide direct input into test plans by gathering findings from enumeration and discovery.
Research known vulnerabilities and manually validate findings.
Validate security weaknesses, research known attacks, and develop custom tools and exploits.
Communicate findings of vulnerability analysis and penetration testing to team members and MDA CSSP-CERT personnel.
Document security weaknesses, including screenshots, logs, and steps to reproduce, with remediation recommendations.
The successful candidate will:
Have strong familiarity with the following tools:
Have strong experience with scripting languages, such as Bash and Python
Have experience performing security analyses of Windows and Linux operating systems
Be able to multi-task and prioritize various projects and assessments in a dynamic work environment in order to meet scheduled/unscheduled customer requests.
This position will be filled at Schriever SFB, Colorado Springs, CO
This position is expected to pay $113,600 - $123,600 annually, depending on experience, education, and any certifications that are directly related to the position.
This position will be posted for a minimum of 3 days. If a candidate has not been selected at that time, it will continue to be posted until a suitable candidate is selected or the position is closed.
Resumes, in month and year format, must be submitted with application in order to be considered for the position. The selected candidate will be assigned as an employee for Jacobs or one of our teammate companies.
Jacobs health and welfare benefits are designed to invest in you, and in the things you care about. Your health. Your well-being. Your security. Your future. Typical benefits offered include flexible work schedules and opportunities to work remotely, educational reimbursement, retirement benefits (401K match), employee stock purchase plan, health benefits, tax saving options, disability benefits, life and accident insurance, voluntary benefits, paid time off and paid holidays, and parental leave.
Here’s What You’ll Need:
Must have one of the following combinations of education and experience: HS Diploma (or GED) and 8 years of general experience; Associate's degree and 6 years of general experience; Bachelor's degree and 4 years of general experience; Master's degree and 2 years of general experience
If this position requires travel, the selected candidate must be willing to provide proof of fully vaccinated (against COVID-19) status (the process of which must be completed prior to the anticipated start date)
Must have at least 5 years of direct experience combined in cyber security assessments and adversary emulation.
Must have a current DoD 8570.01-M CSSP-Auditor certification with Continuing Education (CE) - (CEH, CySA+, CISA, GSNA, CFR, or PenTest+)
Must have one of the following Penetration Tester certifications: LPT, CPT, GPEN, PenTest+, or CEPT
Must have an active DoD Secret Security Clearance
Must have or be able to obtain a DoD Top Secret/SCI Security Clearance
Have documented penetration testing experience with web applications, operating systems, network protocols, wireless, mobile, and databases.
Be proficient testing web applications for common web application security vulnerabilities including input validation, broken access controls, session management, cross-site scripting issues, SQL injection and web server configuration issues.
Have hands-on experience with commercial and open-source assessment tools such as port scanners, vulnerability scanners, and exploit frameworks (e.g. Burp, Nessus, Metasploit)
Have experience extending or modifying exploits, shellcode or exploit tools.
Be able to communicate findings and possible mitigation recommendations to customers.
Be able to translate complex data into user-friendly text for publication and usage, such as technical analysis, executive presentations, and detailed reports
Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, creed, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, medical condition, marital or domestic partner status, sexual orientation, gender, gender identity, gender expression and transgender status, mental disability or physical disability, genetic information, military or veteran status, citizenship, low-income status or any other status or characteristic protected by applicable law. Learn more about your rights under Federal EEO laws (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) and supplemental language (https://www.eeoc.gov/sites/default/files/migrated_files/employers/eeoc_gina_supplement.pdf).