ASRC Federal Broadleaf Division is actively hiring a Penetration Tester in support of our DCSA program based out of Quantico VA. Remote flexibility available!This is primarily a Telework position with a requirement to be onsite up to two (2) days a week.ASRC Federal is seeking a Penetration Tester, who will provide broad and in-depth knowledge to conduct offensive cyber operations across the organization. In this role, they will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective, and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques.BASIC QUALIFICATIONS:Candidates should demonstrate a detailed knowledge the following:Conduct highly complex offensive security operations testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate riskDocument security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholdersProvide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testingConsult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasuresExperience in offensive security, with the ability to think like an adversaryStrong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networksStrong experience in operating system and application security hardening and best practicesStrong investigative mindset with an attention to detailExperience with multiple operating systems to include Windows, Mac OS, Unix/Linux, and mobile platformsExperience conducting assessments for solutions consisting of a variety of technology stacks and architectural implementations, hosting providers and tools e.g., Rapid7 Nexpose, Appspider Pro, Metasploit or Cobalt Strike / Core Impact.Exposure and understanding of enterprise solutions from a functional and security perspective#BroadleafRequirements:YEARS EXPERIENCE:At least two (2) years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures.EDUCATION REQUIREMENTS:Bachelor s Degree, or equivalent experience in Cybersecurity, and/or Information Systems Management, Information TechnologyCERTIFICAITON(S):Must meet 8570 certification requirements at the time of hire. IAT II Information Assurance Baseline (e.g., CASP+ CE, CCMP Security, CISA, CISSP, GCED, GCIH, Security+ CE or CCSP) In addition to the IA baseline, a CSSP Auditor cert is preferred (e.g., CEH, CySA+, CISA, GSNA, CFR or PenTest)CLEARANCE LEVEL:Active Top-Secret Clearance REQUIRED, eligible to be upgraded to TS/SCIWORK ENVIRONMENT AND PHYSICAL DEMANDS:This is primarily a Telework position with a requirement to be onsite up to two (2) days a week.If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection.Must speak English well enough to communicate complex technical ideas to a diverse customer both verbally and in written form.ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.