Junior Penetration Tester

The Junior Penetration Tester supports security assessments by planning and executing tests on web applications, infrastructure, cloud environments, and other technologies connected to the client network. Responsibilities include developing test plans, performing vulnerability and risk analyses, automating testing processes, and mapping findings to NIST SP 800-53 controls to ensure compliance and improve security posture.

• Conduct security testing of IT assets, web applications, infrastructure assets and technologies, mobile applications, custom developed software implementations, virtual technologies, COTS products, cloud implementations, common application platforms, and other technologies connecting to or interacting with the Judiciary network.
• Develop and maintain a repeatable methodology for performing security testing. Security test planning should include, but is not limited to: threat modeling, map business requirements to the applicable security requirements, determine appropriate security controls, test scenarios and test cases.
• Develop the Security Test Plans.
• Perform security testing, vulnerability analysis, and risk analysis in accordance with an industry-proven, repeatable methodology.
• Evaluate the effectiveness of security controls as they relate to the applicable security controls of the system tested.
• Relate test results to controls in NIST SP 800-53, as reflected in the JISF.
• Develop, maintain and use customized testing scripts (testing automation) for individual and team use.
• Develop and deliver reports as required.

• Knowledge and experience with manual host testing per CIS benchmarks.
• Strong knowledge of and experience with Burp Suite.
• 3+ years of experience in the information technology field.
• Knowledge of and experience with Nessus.
• Knowledge of OWASP Top 10.
• Some penetration testing experience required.
• Prefer knowledge of and experience with the following tools:
  • Acunetix
  • Appdetective
  • DbVisualizer
• Knowledge of NIST SPs and NIST Risk Management Framework (RMF).
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Strong attention to detail.

Education: Bachelor's Degree in STEM field preferred.

Certification: Industry standard certification (e.g. Security+) strongly preferred.

Clearance: Ability to obtain and maintain a Public Trust required.

The salary range for this position depends upon multiple factors including location, the individual's knowledge, skills, competencies, and experience, and contract-specific budget constraints and organizational requirements.
Gunnison Consulting Group's total compensation package also includes bonus and profit-sharing opportunities, depending on company and employee performance. Available employee benefits include:

• 3 weeks of Personal Leave your first year
• 11 paid Holidays each year
• 5 days of Flexible Time Off each year
• 401(k) company match at 50% up to 10% of your salary
• Medical, Dental and Vision Insurance
• Life and Disability Insurance
• Public Transportation Subsidies
• Certifications and Training Allowance - $2,500/year!

Why Join Gunnison?

• Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
• Quality is our top priority.
• Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
• There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
• We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
• We hire for careers at Gunnison, not to fill a position.

Equal Opportunity Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time.
In 1994 Gunnison began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.