This position is expected to conduct penetration testing activities on High Value Asset (HVA) systems owned and operated by federal civilian agencies. This position requires experience in providing penetration testing services using a variety of tactics, techniques, and procedures to identify exploitable vulnerabilities in networks and systems. They will also measure compliance with organizational security policies, test whether staff are aware of security issues, and ultimately determine the organization’s risk to cybersecurity threats. Other Responsibilities Will Include Performing network mapping and reconnaissance, documenting Rules of Engagement to guide the scope, developing test plan, and assisting with acquiring management approval. External Testing: Conducting a variety of penetration tests based on system’s criticality, test objectives, and organization’s requirements to include: Working with IT personnel to define scope for targeted testing; and Mimicking an outside attacker to gain access to system and what information can be accessed. Internal Testing: Mimicking an outside an insider attack to determine risk employees with various access levels pose to the organization. Red Team Testing: Focusing testing activity towards accessing specific target datasets. Testing methodology should include crafted e-mails, custom public websites, exploit code, and social engineering. Analyzing test results, developing a report on discovered vulnerabilities, and providing risk-based recommendations to remediate those vulnerabilities.