Job Description:

Essential Job Functions

• Conduct host/network/application penetration testing as a member of a technical team
• Perform full-scope penetration tests (discovery and exploitation of vulnerabilities) on live network infrastructure, services, Active Directory environments, and other systems/applications
• Able to test, identify and exploit trust, misconfigurations, and vulnerabilities in live MS Active Directory environments without getting detected by advanced commercial security solutions
• Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)
• Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
• Able to write scripts in PowerShell, bash and a preferred scripting language
• Research and formulate recommendations for vulnerabilities found during assessments
• Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
• Be able to present, demonstrate, explain, and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
• Develop proof-of-concept examples and scenarios for reports and live demonstrations
• Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and team members
• Conduct host/network/application penetration testing as a member of a technical team
• Perform full-scope penetration tests (discovery and exploitation of vulnerabilities) on live network infrastructure services, Active Directory environments and other systems/applications
• Lead/coordinate customer engagements.
• Serve as primary point of contact and ensure the documentation and collection of documents such as rules of engagement prior to active testing.
• Able to test, identify and exploit trust, misconfigurations, and vulnerabilities in live MS Active Directory environments without getting detected by advanced commercial security solutions
• Test the exploitation of security policies and access controls in restricted/secure environments e.g. GPO bypass, privilege escalation, and A/V evasion)
• Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
• Able to write scripts in PowerShell, Bash, and a preferred scripting language
• Research and formulate recommendations for vulnerabilities found during assessments
• Employ extensive use of Microsoft Office main tools: Word, Excel
• Able to present, demonstrate, explain, and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
• Develop proof-of-concept examples and scenarios for reports and live demonstrations
• Create/document tactics, techniques, and procedures (TTP) to train and expand/share knowledge with customers and team members
• Able to review, modify and develop programs or scripts in Assembly, C++, C#, VBS, Python, Perl, Ruby, PowerShell, Bash, JavaScript, Java, PHP and other languages to exploit systems/applications, analyze data, configure systems and automate tasks
• Review custom applications source code for security flaws and vulnerabilities
• Able to test, identify and exploit vulnerabilities in web applications without the use of scanning tools Should have general knowledge and familiarity with NIST SP 800-37
• Risk Management Framework (RMF) as penetration testing may be used as part of the verification process.
• Able to support general RMF activities.

Requirements/Experience:

• Bachelors and 9 years or more experience; Masters and 7 years or more experience; PhD and 4 years related experience.

• - Must be US Citizen
• Top Secret Clearance Required
• Must be able to obtain and maintain DOE Q
• CISSP Certification Required
• Other certifications: OSCP, GPEN, CEH, Security+

If you are an applicant from the United States, Guam, or Puerto Rico

DXC Technology is an Equal Opportunity/Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age or genetic information. DXC's commitment to diversity and inclusive selection practices includes ensuring qualified long-term unemployed job seekers receive equal consideration for employment. View postings below.

We participate in E-Verify. In addition to the posters already identified, DXC provides access to prospective employees for the Federal Minimum Wage Poster, Federal Polygraph Protection Act Poster as well as any state or locality specific applicant posters. To access the postings in the link below, select your state to view all applicable federal, state and locality postings. Postings are available in English, and in Spanish, where required. View postings below.

Postings link

Disability Accommodations

If you are an individual with a disability, a disabled veteran, or a wounded warrior and you are unable or limited in your ability to access or use this site as a result of your disability, you may request a reasonable accommodation by contacting us via email.

Please note: DXC will respond only to requests for accommodations due to a disability.