Assoc. Penetration Tester

At FTI, we are united by one common mission; supporting those that protect our nation so they can make the best-informed decisions during critical moments when seconds count. We want you to bring your passion and expertise to contribute to that essential mission. We strive to incorporate our values to create a culture of collaboration and trust, where you can share your ideas and innovate. If you are inspired by making a positive impact through developing data driven solutions, FTI would appreciate the opportunity to learn more about you.

We have an exciting technical opportunity for an Assoc. Penetration Tester for the Operational Test & Evaluation (OT&E) of the Department of the Navy's Commander, Operational Test and Evaluation Force in Norfolk, VA. In this role you will provide support for conducting penetration testing on applications, systems, and networks in support of national security. This is a rare opportunity to join a truly elite team of Penetration Testers.

Capable of conducting penetration tests on applications, systems, and network utilizing proven/formal processes and industry standards.
• Conduct open source research and system under test documentation review to familiarize with the system's mission, architecture and interfaces including critical components to identify its attack surface and threat vectors.
• Work with the Cyber Test Engineers and SMEs to generate specific test objectives for incorporation into the overall test plan.
• Conduct cooperative vulnerability penetration assessments and adversarial assessments in accordance with DoD guidance.
• Attend site visits and conduct manual examination of system and network configurations, system logs, and devices.
• Observe, collect, and analyze Cyber OT&E test data.
• Generate Cyber OT&E deficiency sheets and final report with established timeline including specified report artifacts in accordance with COMOPTEVFOR Cyber OT&E policies, processes and procedures using established templates.
• Employee ethical hacking expertise to exploit discovered vulnerabilities and misconfigurations associated with but not limited to operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.) to accomplish test objectives.
• Research various cyber TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into Cyber Survivability test planning and execution.
• Develop and utilize program specific testing methodology for threat emulation and vulnerability validation.
• Support cyber toolset development, improvement and validation.
• Support development and execution of TTPs for penetration testing/Red Teaming.

Required:

• Active U.S. DoD Secret Security Clearance.
• 0-2 years of experience including one of the following:
  • 1 penetration testing internship including practical experience.
  • 1 of the following certifications: eJPT, CEH, CompTIA PenTest+, or GIAC Penetration Tester (GPEN).
  • 1 year of Tryhackme, bug bounty, or capture the flag experience.
• Must be able to obtain Offensive Security Certified Professional (OSCP) within 6 months of hire.
• Bachelor's degree in Computer Science, Mathematics, Engineering or related fields or relevant years of experience.
• Proficient in at least one Operating Systems to include: Windows, Linux and Unix variants, embedded and Real-Time Operating Systems.
• Proficient in at least one of the following scripting languages: PowerShell, Bash, Python, Ruby.
• Proficient in multiple offensive tools/technologies to include: Metasploit, Cobalt Strike, Core Impact, Burp Suite, SDR, Wireless, Intercepting Proxies, etc.
• Ability to support 25% CONUS travel is expected with this role, however up to 40% may be required as needed; OCONUS travel is rare.

Preferred:

• DoD Red team experience.
• DoD / Navy environment experience.

#LI-KC1

#LI-Onsite