- Experience
- 3 years or more
- Salary
- —
- Openings
- 1
- Posted
- 3 days ago
- Work mode
- On-site
- Education
- Bachelor's Degree in STEM field preferred
- Eligibility
- Candidates must be eligible to work in the United States, be able to obtain and maintain a Public Trust clearance, and have at least some penetration testing experience. Sponsorship is not offered.
- Resume
- Application required
Your work location
Job description
Role overview
Gunnison is seeking a Junior Penetration Tester to support security assessments across web applications, infrastructure, cloud environments, and other technologies that connect with the client network. The role centers on planning and running tests, analyzing vulnerabilities and risk, automating parts of the testing workflow, and tying results back to NIST SP 800-53 controls to strengthen security and compliance.
What you will do
- Carry out security testing on IT assets, web apps, infrastructure, mobile apps, custom software, virtual platforms, COTS products, cloud deployments, common application platforms, and other technologies that interface with the Judiciary network.
- Create and update a consistent, repeatable approach for security testing, including threat modeling, translating business needs into security requirements, identifying suitable controls, and defining test scenarios and cases.
- Prepare Security Test Plans.
- Execute security tests, vulnerability reviews, and risk assessments using a structured and repeatable methodology.
- Assess how well security controls work against the relevant controls for the system under test.
- Map testing outcomes to NIST SP 800-53 controls as documented in the JISF.
- Build, maintain, and use tailored testing scripts for both individual and team use to automate testing activities.
- Produce reports and deliver them as needed.
Requirements
- Hands-on experience with manual host testing aligned to CIS benchmarks.
- Strong working knowledge of Burp Suite.
- Strong working knowledge of Qualys.
- At least 3 years of experience in information technology.
- Working knowledge of Nessus.
- Familiarity with the OWASP Top 10.
- Some prior penetration testing experience.
- Preferred familiarity with Acunetix, AppDetective, and DbVisualizer.
- Understanding of NIST publications and the NIST Risk Management Framework (RMF).
- Knowledge of networking concepts, protocols, and network security practices.
- High attention to detail.
- Bachelor's degree in a STEM field is preferred.
- An industry-recognized certification, such as Security+, is strongly preferred.
- Must be able to obtain and maintain a Public Trust clearance.
- Must be eligible to work in the United States; sponsorship is not available.
Compensation and benefits
The pay range is not specified in the source. Total compensation may include bonus and profit-sharing opportunities based on company and employee performance, along with the following benefits:
- 3 weeks of personal leave in the first year.
- 11 paid holidays each year.
- 5 days of flexible time off each year.
- 401(k) match at 50% of contributions up to 10% of salary.
- Medical, dental, and vision coverage.
- Life and disability insurance.
- Public transportation subsidies.
- Certification and training allowance of $2,500 per year.
Why consider Gunnison
- The company focuses on challenging, high-impact work that calls for creative problem-solving and innovation.
- Quality is treated as the top priority.
- Benefits are positioned as competitive with or better than those commonly offered in the Washington, D.C. metro area.
- The workplace emphasizes camaraderie and team spirit.
- There is strong room for professional growth as the company expands.
- The organization hires for long-term careers rather than short-term staffing.
Equal opportunity and company note
Gunnison is an equal opportunity employer. Applicants must already be eligible to work in the United States, and visa sponsorship is not available. The company started serving the greater Washington, D.C. metro area in 1994 and has spent more than 25 years supporting ambitious technology initiatives.