Federal - Penetration Tester II
Employment Type: Full-Time
Organization: Accenture Federal Services
Location: Washington, DC or Williston, VT
Accenture Federal Services, a wholly owned subsidiary of Accenture LLP, is a U.S. company with offices in Arlington, Virginia. Accenture's federal business has served every cabinet-level department and 30 of the largest federal organizations. Accenture Federal Services transforms bold ideas into breakthrough outcomes for clients at defense, intelligence, public safety, civilian and military health organizations.
We believe that great outcomes are everything. It's what drives us to turn bold ideas into breakthrough solutions. By combining digital technologies with what works across the world's leading businesses, we use agile approaches to help clients solve their toughest problems fast-the first time. So, you can deliver what matters most.
Count on us to help you embrace new ways of working, building for change and put customers at the core. A wholly owned subsidiary of Accenture, we bring over 30 years of experience serving the federal government, including every cabinet-level department. Our 7,200 dedicated colleagues and change makers work with our clients at the heart of the nation's priorities in defense, intel, public safety, health and civilian to help you make a difference for the people you employ, serve and protect.
Penetration tester with at least 3 years of experience performing penetration tests or incident response. A penetration testing certification is ideal but not required.
Daily responsibilities include:
* Conduct penetration tests and producing detailed reports
* Conduct threat hunting exercises based on source code and log data
* Perform exercises to test the capabilities and response of the Security Operations Center (SOC)
* Assist the SOC with threat intel research and incident response
* Test web services using automated web application scanning methodologies and tools (e.g. IBM AppScan, HP WebInspect, Acunetix WVS, etc.)
* Test web services using a manual in-depth testing methodologies and tools (e.g. Burp Suite Pro, ZAP Proxy, IronWASP, etc.)
* Summarize and document results of testing for management reporting including proper disposition of test exceptions
* Verify the security findings from other members of the penetration testing team