Core Competencies:

• Knowledge of host identification and exploitation of vulnerabilities

• Knowledge of phishing procedures

• Knowledge of script writing and crafting of payloads

• Knowledge of database operations and system/network administration

• In-depth knowledge and understanding of operation of assessment tools (including but not limited to Metasploit, Nmap, Burp Suite, Powersploit, and Cobalt Strike)

• Ability to operate in a critical fashion in dynamic environments

• Knowledge of FISMA and NIST 800 series standards

• In-depth knowledge of network mapping, vulnerability scanning, penetration testing, and Web Application testing

• In-depth knowledge of the procedures of Phishing Assessments, Wireless Assessments, Operating System Security Assessments, and Database Assessments

Requirements:

2-3 years operational experience, at least one related industry certification [OSCP, OSCE, GPEN, GXPN, or equivalent]). Proficiency includes all core competencies mentioned above in addition to:

• Coordinates assessment equipment, including ensuring images on assessment equipment are up to date, equipment transport, setup and tear-down of equipment on-site, and general maintenance

• Operates assessment tools, under the direction of the Government, the IT Security Expert Level II, and NCATS Assessment Standard Operating Procedures

• Assists the IT Security Expert Level II with development of documentation and reporting for coordination of Assessment report in accordance with the appropriate report template at the direction of the Government.