Cybersecurity Engineer II

Gritter Francona is looking for a Cybersecurity Engineer to join our team! The Cybersecurity Engineer will act as part of the Cybersecurity Division (CSD) and the Vulnerability Management (VM) sub-division to fulfill the CSD cybersecurity mission by performing various types of assessments for Federal, State / Local / Tribal / Territorial, and Critical Infrastructure / Key Resources environments. This work will be onsite in Arlington, VA.

The Cybersecurity Engineer will participate in the operations of a Remote Penetration Testing project. The role responsibilities are as follows:

• Evaluates the security of the customer’s cyber assets by attempting to gain unauthorized access into the computer system, application, or network.
• Gathers data elements that are part of the penetration testing process that include network mapping and discovery and vulnerability scanning.

• Carries out the analysis from the position of an advisory/hacker and involve active exploitation of vulnerabilities where the Government team attempts to compromise cyber assets.

• Performs active network host and service identification using port scanning and host enumeration.

• Coordinates assessment equipment, including ensuring images on assessment equipment are up to date, equipment transport, setup and tear-down of equipment on-site, and general maintenance
• Operates in a critical fashion in dynamic environments

• Performs a phishing scan, a phishing test, or both
• Conducts a controlled spear-phishing campaign against pre-approved customer email addresses
• Performs Web Application vulnerability scanning
• Conducts OSINT gathering
• Serves as liaison and coordinates operations between the federal lead and the Level I contract support
• Serves as Subject Matter Expert for the team and guides operational tempo at the discretion of the Federal Lead
• Attends and participates in briefings and conference calls with Federal lead before and after assessment, providing technical expertise when required

• 5+ years operational experience (at least 2 years being in leadership or management capacity)

• Must possess 1 related industry certification (OSCP, OSCE, GPEN, GXPN or equivalent)
• Knowledge of host identification and exploitation of vulnerabilities
• Knowledge of phishing procedures
• In-depth knowledge and understanding of operation of assessment tools (including but not limited to Metasploit, Nmap, Burp Suite, Powersploit, and Cobalt Strike)
• Knowledge of FISMA and NIST 800 series standards
  

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Short Term & Long Term Disability
• Training & Development