This job board retrieves part of its jobs from: Toronto Jobs | Emplois Montréal | IT Jobs Canada

The hottest job offers in the state of Virgina

To post a job, login or create an account |  Post a Job

Penetration Tester


This is a Full-time position in Fairfax, VA posted November 21, 2021.

ECS is seeking a Penetration Tester to work in our Fairfax, VA office.

Job Description:
As a leading managed cybersecurity services provider, ECS delivers a highly tailored and customized offering to each customer. Our team is responsible for protecting the ECS corporate and customer networks. We will leverage your unique skills to help solve customers’ challenges, such as engineering a system to address a technical hurdle, protecting customer data, or consulting on a wide range of security topics. You are empowered to engage and lead across multiple groups and must have the self-sufficiency and focus to work well without constant oversight.

Our Tier 3 Penetration Tester (pentester) is the senior pentester within ECS’ Advanced Research Center (ARC). This role is responsible for the growth and maturation of the pentesting program, including systematically finding and validating information security vulnerabilities in customer environments. They support the commercial cybersecurity program during core business hours.


  • Conduct authorized pentesting services in customer environments for the purpose of identifying security vulnerabilities that threat actors could potentially exploit.
  • Apply and use authorized capabilities and technologies to enable access to target networks.
  • Apply and obey applicable statutes, laws, regulations, and policies when performing pentesting services.
  • Communicate new developments, breakthroughs, challenges, and lessons learned to leadership and customers.
  • Evaluate new attacks and tools, then deploy them against live targets to help improve customer defenses.
  • Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.
  • Understand current exploits, attack methodologies, and detection techniques using a wide variety of security products.
  • Leverage threat intelligence to emulate known threat actor tactics, techniques, and procedures (TTPs).
  • Shares lessons learned, initial indicators of detection and opportunities for strengthening signature-based detection capabilities.
  • Maintain awareness of advancements in hardware and software technologies and their potential implications for red team operations.
  • Maintain proficiency in the MITRE ATT&CK Framework. When appropriate, reference the ATT&CK Framework when producing test reports.
  • Communicate cyber events to stakeholders through oral presentations and written reports.
  • Other duties as assigned.

Required Skills:

  • B.S. or M.S. in cybersecurity, information security, computer science, or a related field.
  • 8+ years of experience in information security performing pentesting or in a related field.
  • Strong leadership abilities, with the capability to develop and guide junior pentesters and work with minimal supervision.
  • Excellent verbal, written, and interpersonal communication skills, including the ability to communicate effectively with the technical and non-technical personnel, project management teams, management, and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices, and strategies.
  • Instinctive and creative, with an ability to think like the enemy. Deep knowledge of hacker culture.
  • Technical expertise in system security vulnerabilities and remediation techniques, network, and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
  • Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
  • An ability to effectively influence others to modify their opinions, plans, or behaviors.
  • An understanding of organizational mission, values, goals, and consistent application of this knowledge.
  • Good judgment and a sense of urgency, and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service, and business integrity.
  • Can interface with, and gain the respect of, stakeholders at all levels and roles in the company and with MSP customers.

Desired Skills:

  • Possess one or more offensive security certifications from the following list: GIAC certified pen tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), offensive certified security professional (OSCP), or offensive security certified (OSC).
  • Expertise with pentesting tools such as Metaspoit, Burp Suite, NMAP, Kali Linux, Cobalt Strike, Mimikatz, and Powershell-Suite.
  • Technical expertise in system security vulnerabilities and remediation techniques, network, and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.).
  • Technical expertise in security engineering, system and network security, authentication, and security protocols.
  • Knowledge of advanced persistent threat (APT) actor tactics, techniques, and procedures (TTPs).
  • Practical experience using MITRE ATT&CK for offensive security operations and tests.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.