PENETRATION TEST SUBJECT MATTER EXPERT
It is desirable that the Penetration test SME have the following qualifications:
Minimum five years' experience conducting penetration testing activities on web-based IT systems, including efforts such as Open Source Analysis (e.g. Google hacking), Business Logic Analysis, System and Service Fingerprinting, Nmap Scans, Web Server Scans, DNS Zone Transfer, OWASP Top Ten, Error Message Exploitation, Session ID Prediction, and Privilege Escalation
Minimum five (5) years' experience using a wide array of technical testing tools (e.g. Tenable Nessus, HP WebInspect, IBM AppScan, Acunetix, AppDetective, eEye Retina, etc.), including installation and licensing, configuration, customization, error handling, interpretation of results, and false-positive identification
Minimum five (5) years' experience in technical system security hardening (Windows XP/7, Windows Server 2003/2008, Linux Red Hat, Solaris, Cisco IOS, VMware, Oracle, Sybase, MSSQL, Mainframe, Apache, Internet Information Server)
Desirable current Professional Certification(s): CISSP, CSSLP, SSCP, CISM, CISA, GSEC, GCIA, GCIH, GCWN, GCUX, CEH certification (CISSP preferred)
Secret or public trust clearance - must have had at least a successful Limited Background Investigation.