Pen Tester

Job Description
As a global leader in advanced defense, security, and aerospace technologies, BAE Systems offers a dynamic and challenging work environment where innovation and expertise come together to make a real impact. By joining our team, you'll be part of a collaborative and agile organization that values cutting-edge skills, creativity, and passion for delivering exceptional results.
We're seeking a highly skilled Lead Penetration Tester to join our high-performing agile team, utilizing the Scaled Agile Framework (SAFe) methodology, on a large and complex program focused on preventing, identifying, containing, and eradicating cyber threats. As a Lead Penetration Tester, you'll play a critical role in ensuring the security of Enterprise-wide information systems, working closely with cyber Subject Matter Experts (SMEs) to provide support to a large, complex technical program.
Key Responsibilities

• Design and execute internal and external penetration tests to identify vulnerabilities and develop effective mitigation strategies
• Conduct web application penetration tests, vulnerability risk assessments, and physical penetration tests, as well as social engineering analysis
• Provide cyber incident response support as needed, evaluating the impact of new development on the operational security posture of IT systems
• Collaborate with development teams to enhance their understanding of various types of vulnerabilities, attack vectors, and remediation approaches
• Work closely with System Engineering, Test Engineering, and Integration teams to ensure hardware and software architecture and implementations meet strict security requirements
• Develop and enforce information systems security policies, standards, and methodologies, serving as a Subject Matter Expert in security architecture

What You'll Achieve

• Protect Enterprise-wide information systems from cyber threats, ensuring the security and integrity of sensitive data
• Develop and implement effective security measures, collaborating with cross-functional teams to drive innovation and excellence
• Enhance your skills and expertise in penetration testing, vulnerability assessment, and incident response, staying at the forefront of cybersecurity trends and best practices

#LI-PB2
Required Education, Experience, & Skills

• Must have experience with penetration testing tools.
• Must have experience in web development and programming languages such as Java, XML, Perl and HTML.

• Must have experience with programming/scripting in Python, Powershell, C, JavaScript, etc.
• Must have extensive experience performing IT security risk assessments.
• Must have experience performing web app and physical pentests.
• Must have experience with or strong familiarity of the following Web Application tools; Burp Suite, Web Inspect, Appdetective.
• Must have experience with or strong familiarity of Kali.
• Must have experience with or strong familiarity of IPS/IDS solutions.

• Must have a strong understanding of the Cyber Kill Chain methodology.
• Must have experience applying Risk Management Framework.
• Must have experience with secure configurations of commonly used desktop and server operating systems.
• Must have the ability to effectively collaborate with technical staff and customers to form mitigation strategies and plan for continuous modernization and legacy integration.
• Must have experience managing multiple projects simultaneously and quickly and effectively adjusting to shifting priorities in resolving issues.
• Must possess a TS/SCI clearance with appropriate polygraph

MDOPS
Preferred Education, Experience, & Skills
Preferred Qualifications

• Bachelor's degree in a technical/information assurance field and at least 12 years of relevant experience.

• Certifications in one or more of the following areas strongly preferred:
  • GIAC Web Applications Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • Certified Web Application Defender (GWEB)
  • Certified Information System Security Professional (CISSP)
• Extensive experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
• Extensive experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass development, design, and implementation.

Pay Information
Full-Time Salary Range: $132962 - $226035
Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.
Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.
About BAE Systems Intelligence & Security
BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference.
Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do-from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels.
This position will be posted for at least 5 calendar days. The posting will remain active until the position is filled, or a qualified pool of candidates is identified.