AT&T has an opening for a Penetration Tester Level 3 to support the US Army Engineer and Research Development Center (ERDC) , in providing cyber/IT-related capabilities. This support will also provide technical expertise in developing, deploying, and managing solutions exclusively to Federal Government clients’ business needs.
- Execute technical actions (scanning, software tool execution, script execution, etc.) to identify networks, hosts, technologies, software/hardware versions, vulnerabilities, etc
- Conduct Open Source Intelligence (OSINT) on the target technology, network, application, etc
- Develop a complete picture of the DREN public-facing attack surface using the information gained from these actions. The contractor shall ensure the discovery of the DREN attack surface is updated quarterly to ensure accuracy of results
- Perform web application penetration testing against public-facing web applications on the DREN. The Government estimates that a third of web-enabled public-facing assets will require annual penetration testing.
- Perform security configuration validations in support of operations orders, directives, guidance, or taskings to include validation of remediation of Vulnerability Disclosure
- Program (VDP) findings within the applicable timeline. These assessments are typically a confirmation of a web setting or enumeration of a vendor product
- Perform cyber operations using documented TTPs to ensure high-quality and repeatable processes. If no applicable TTPs are available, the contractor shall document actual testing
- procedures and results and add those as new TTPs to the Government’s repository prior to completion of the engagement
- Provide direct customer support and issue tracking
- The contractor shall track customer interaction through Government provided ticketing/issue tracking systems and provide sufficient documentation to allow for a third party to interpret the actions and status of the issue
- The contractor shall include supporting artifacts or be referenced such that those artifacts can be retrieved and reviewed
- Attend daily team synchronization calls, weekly status meetings, and briefings, in support of DRENCYBER BAT operations
Applicant must be SECRET eligible. US Citizenship is required (#secret)
- 5 to 7 years of Web App Testing
- Certifications consist of one of the following: GIAC: GPEN, GWAPT, GXPN OSCP,OSCE, OSWE, OSWP, OSEE
AT&T a good place to be
I believe in AT&T and know they are at the edge of technology. The company believes in their people and offers all kinds of training to enable us to take on new jobs and to stay at the front of technology. The software defined network which we are building is the newest technology and AT&T has been involved since early 2000s. You have a great deal of autonomy at AT&T as long as you get the job done. You have the ability to do different jobs and to be challenged at all times.
I really have little negative to say about AT&T I have worked here for 35 years on March 23rd of 2016.Current Employee - PROFESSIONAL-NETWORK DESIGN ENGINEER+
- One Star Rating
- Two Star Rating
- Three Star Rating
- Four Star Rating
This is the life – the #LifeAtATT, that is. We’re creating what’s next and having a blast doing it. You’re looking for proof? Well, see for yourself.