IT Services
Contract
Belgium
Mons
Needed
NCIA
Essential Qualifications/Experience:
· Bachelor of Science (BSc) degree at a nationally recognised/certified university in a technical subject with substantial Information Technology (IT) content and 3 years post-related experience. As an exception, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that are of interest to the NCI Agency
· Extensive knowledge and experience (at least 3 years) in the following areas:
✓ Web application penetration testing
✓ IT infrastructure penetration testing
✓ Network security architecture design
✓ Assessing security vulnerabilities within OS, software, protocols & networks
✓ Researching and evaluating security products & technologies
✓ Knowledge in system and network administration of UNIX and Windows systems
✓ Use of penetration testing tools, techniques, and recognized testing methodologies
✓ Scripting skills in at least one of the following: Python, Go, PowerShell, shell (bash, ksh, csh)
✓ Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as malware infection techniques and protection technologies
✓ Ability to evaluate risks and formulate mitigation plans
✓ Proven ability to brief at executive level on security findings, reports and testing outcome
✓ Proven ability to write clear and structured technical reports including executive summary, technical findings and remediation plan for several different audiences
Desirable Qualifications/Experience:
· Professional qualifications: OSCP, OSCE, OSWE, GPEN, CREST Certified Web Application Tester, GXPN, GWAPT or equivalent
· Familiarity with risk analysis methodologies
· Prior experience of working in an international environment comprising both military and civilian elements
DUTIES/ROLE:
· Provide Web, infrastructure and application-level penetration testing, including but not limited to COTS software and NOTS/GOTS software (NATO/Government off the Shelf), following clearly defined methodologies
· Participate in kick-off meetings with stakeholders and technical points of contact in order to identify requirements for testing
· Follow the documented procedures and workflows outlined by the technical leads
· Attend team meetings if required
· Write technical reports in fluent English, following defined templates and reporting tools
· Brief at both executive and technical levels on security reports and testing outcome, including at flag officer level
· In case of new vulnerabilities detected for COTS software, follow the Responsible Disclosure Process and follow up with vendors and stakeholders
· In co-ordination with the Technical Lead of the Penetration testing team, ensure proactive collaboration and coordination with internal and external stakeholders
· Stay abreast of technological developments relevant to the area of work
· Perform any other duties as may be required
All the mandatory requirements have to be met in order to apply.