IT Security Specialist V - Penetration Tester

Job Description

Computer World Services is seeking energetic candidates to support the National Oceanic and Atmospheric Administration (NOAA) Office of the Chief Information Officer (OCIO), Cyber Security Division (CSD) in achieving NOAA's cybersecurity mission: to protect and defend the use of cyberspace from cyber-attacks, and to protect NOAA information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Qualified candidate:

Performs penetration testing to assess and identify security vulnerabilities of networks, applications, and systems. Conducts manual and automated penetration tests including blackbox, graybox, and whitebox. Analyzes and evaluates findings to identify weaknesses of the environment. Documents testing results and presents suggestions for the development of countermeasures and security improvements. Utilizes a variety of assessment tools, such as Nmap, BurpSuite, Kali Linux; and scripting languages like Bash, Python, Perl or Ruby. Familiar with red team testing protocols and cybersecurity frameworks like OWASP, OSSTMM, PTES. Requires a bachelor's degree in computer and information science, IT or equivalent. May have one or more security certifications such as OSCP, GWAPT, GPEN. Typically reports to a manager or head of a unit/department. Work is generally independent and collaborative in nature. Contributes to moderately complex aspects of a project. Typically requires 4-7 years of related experience.

Key Tasks and Responsibilities

• Assessing risks to NOAA systems

• Performing authorized penetration testing on enterprise networks, including obeying Rules of Engagement, laws and regulations

• Gaining access to targeted networks

• Performing analysis of physical and logical digital technologies, infrastructure analysis and monitoring of target (approved) networks

• Profiling system administrators and/or network users and their activities

• Applying expertise to enable new exploitations - documentation of moving laterally, elevating privileges, etc.

Education & Experience

• BS/BA degree (or equivalent) preferred.

• Minimum of three years of experience required. Previous client references required.

• Knowledge of penetration testing fundamentals

• Knowledge of Kali Linux and its various toolsets

• Red team experience

• Thorough knowledge of Metasploit, Nessus, Nmap, OWASP, etc.

• Working knowledge of hardware/software security implementations; communication protocols; and encryption techniques/tools.

• Ability to develop, deliver, and deploy technical solutions designed to identify and later protect NOAA data, networks, intellectual property, and national missions.

• Familiarity with the NOAA mission and major programs as described online at


One or more of the following are required:

• Offensive Security Certified Professional (OSCP)

• Offensive Security Certified Expert (OSCE)

• SANS GIAC Penetration Tester (GPEN)

• SANS GIAC Exploit Research and Advanced Penetration Tester (GXPN)

• SANS GIAC Web Application Penetration Tester (GWAPT)

• EC-Council Licensed Penetration Tester (LPT)

Security Clearance

• Must be able to obtain US Government Public Trust clearance

• Candidate must be a US Citizen

Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)

• Currently remote; will sometimes be required to work at/within a NOAA facility. Position location: Silver Spring, MD.

EOE AA M/F/Vet/Disability

EEO is the Law:
Full time
Silver Spring, MD 20900, US