Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies.
ICAM Pen Tester
Location
United States
Posted
3 days ago
Salary
0
Seniority
Mid Level
Job Description
ICAM Pen Tester
Koniag Government Services, LLC
Role Description Koniag IT Systems, LLC, a Koniag Government Services company, is seeking an experienced ICAM Penetration Tester to join a team supporting Identity, Credential, and Access Management (ICAM) solutions for our government customers. The ideal candidate is a highly skilled and technically proficient security professional with deep expertise in penetration testing methodologies and a strong understanding of identity and access management architectures, protocols, and technologies in a federal environment. This individual will play a critical role in proactively identifying and assessing vulnerabilities within ICAM systems and infrastructure, helping to strengthen the overall security posture of mission-critical identity and access management programs. The ICAM Penetration Tester will be responsible for planning, executing, and reporting on penetration tests and security assessments targeting ICAM systems, infrastructure, and related integrations in a federal government environment. This individual will work closely with ICAM engineers, information system security managers (ISSMs), security teams, and government stakeholders to identify vulnerabilities, assess risk, and provide actionable remediation recommendations that strengthen the security of identity and access management solutions. - Plan, scope, and execute penetration tests and security assessments against ICAM systems, platforms, and integrations, including identity providers, access management solutions, directory services, and federation components. - Conduct targeted security assessments of ICAM-specific attack surfaces, including authentication mechanisms, authorization controls, identity federation protocols, single sign-on implementations, multi-factor authentication configurations, and privileged access management systems. - Perform adversarial simulations and red team exercises focused on identity-based attack techniques, including credential theft, privilege escalation, lateral movement, token manipulation, session hijacking, and identity spoofing. - Assess the security of ICAM protocols and standards implementations, including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), LDAP, and Kerberos, identifying misconfigurations and exploitable weaknesses. - Conduct vulnerability assessments and security reviews of ICAM platform configurations, including Okta, SailPoint, Active Directory, and related identity infrastructure components. - Perform web application penetration testing against ICAM portals, administrative consoles, APIs, and self-service interfaces. - Conduct API security testing against ICAM REST and SCIM APIs, identifying vulnerabilities such as broken object level authorization, excessive data exposure, and injection flaws. - Simulate social engineering and phishing attacks targeting identity credentials and authentication mechanisms to assess human and technical control effectiveness. - Document and communicate penetration test findings in clear, detailed reports tailored to both technical and executive audiences, including vulnerability descriptions, risk ratings, evidence, and actionable remediation recommendations. - Collaborate with ICAM engineers, administrators, and ISSMs to validate and prioritize remediation efforts and re-test vulnerabilities following remediation activities. - Support the development and maintenance of penetration testing methodologies, playbooks, and procedures specific to ICAM environments. - Contribute to threat modeling activities, identifying potential attack vectors and adversarial techniques relevant to ICAM architectures and federal identity management programs. - Stay current with the latest identity-related vulnerabilities, attack techniques, threat actor tactics, techniques, and procedures (TTPs), and emerging security research relevant to ICAM. - Support ATO processes by contributing findings and security assessment results to security documentation, including Security Assessment Reports (SARs) and Plans of Action and Milestones (POA&Ms). - Provide technical guidance and recommendations on ICAM security hardening, secure configuration baselines, and identity security best practices. - Participate in purple team exercises, collaborating with defensive security teams to improve detection and response capabilities for identity-based attacks. Qualifications - Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field from an accredited college or university; equivalent work experience may be considered in lieu of a degree. - 4+ years of hands-on experience conducting penetration tests and security assessments in an enterprise or federal government IT environment. - 2+ years of experience performing security assessments specifically targeting identity and access management systems, protocols, or infrastructure. - Active Secret Clearance required. Requirements - Exceptional communication skills in English – both written and oral – with the ability to clearly communicate complex technical vulnerabilities and risks to both technical and non-technical audiences, including senior leadership and government stakeholders. - Demonstrated hands-on experience planning and executing penetration tests using industry-standard methodologies, including PTES (Penetration Testing Execution Standard), OWASP Testing Guide, and MITRE ATT&CK framework. - Deep understanding of identity and access management attack techniques and adversarial tactics, including credential harvesting, pass-the-hash, pass-the-ticket, Kerberoasting, golden ticket attacks, token forgery, OAuth abuse, and SAML injection. - Strong knowledge of ICAM protocols and their associated vulnerabilities, including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), LDAP, Kerberos, and SCIM. - Experience conducting web application penetration testing, including testing of authentication and authorization mechanisms, session management, and API security. - Proficiency with penetration testing tools and frameworks, including Metasploit, Burp Suite, Cobalt Strike, BloodHound, Impacket, Mimikatz, or equivalent toolsets. - Experience assessing Active Directory environments for identity-related vulnerabilities, misconfigurations, and attack paths. - Familiarity with Okta, SailPoint, or similar ICAM platforms and the ability to assess their configurations for security weaknesses. - Experience developing detailed, high-quality penetration test reports with clear vulnerability descriptions, risk ratings, evidence, and remediation recommendations. - Knowledge of common vulnerability scoring systems, including CVSS, and the ability to accurately assess and communicate risk severity. - Strong understanding of network protocols, operating systems, and cloud environments and their intersection with identity security. - Familiarity with NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment) and other federal security assessment standards. - Ability to work collaboratively with defensive security teams, ICAM engineers, and government stakeholders in a responsible and professional manner. Benefits - Competitive compensation. - Extraordinary benefits package including health, dental and vision insurance. - 401K with company matching. - Flexible spending accounts. - Paid holidays. - Three weeks paid time off. - And more.
Related Guides
Related Categories
Related Job Pages
More QA Engineer Jobs
• Develop the master test strategy, test plans, and test cases covering all facets of the digital banking platform. • Build and manage automated testing frameworks, performance testing, and security testing protocols. • Lead business validation testing, regression testing, and operational testing across multiple environments. • Drive defect triage and prioritization, and manage the ultimate UAT test signoff and business approval process. • Implement CI/CD pipeline test integrations and automated deployment workflows.
Software Quality Assurance Engineer – III
Thermo Fisher ScientificThe World Leader In Serving Science
• Design, develop, and execute comprehensive test strategies, test plans, and test cases for complex software systems. • Develop, maintain, and improve automated test frameworks and automated regression test suites. • Perform functional, integration, system, exploratory, regression, API, database, and end-to-end testing. • Identify, document, prioritize, and help drive resolution of software defects through effective collaboration with development teams. • Analyze test results, identify root causes of quality issues, and recommend corrective and preventive actions. • Collaborate with cross-functional Agile teams to ensure quality is built into every stage of the software development lifecycle. • Contribute to CI/CD pipelines by integrating automated testing into deployment workflows. • Develop meaningful quality metrics, test reports, and release readiness assessments to support informed decision-making. • Support software verification and validation activities for regulated products, ensuring compliance with applicable quality and regulatory standards. • Participate in risk assessments, design reviews, and technical discussions to proactively identify quality risks. • Mentor junior QA engineers and promote software quality best practices across development teams. • Continuously evaluate emerging testing technologies and recommend improvements to testing processes, tools, and automation capabilities.
• Develop and participate in test strategy discussions, ensuring test coverage for the newly created product features • Ensure that defined QA Processes are followed in all aspects of project (plan, design, implement, execute, evaluate) • Prepare reports and results of software testing • Establish trust and build relationship with project stakeholders and team members (including offshore)
Role Description We are looking for an experienced QA Test Lead with 5+ years of software testing experience and proven leadership capabilities to lead quality assurance activities across multiple projects. The ideal candidate will be responsible for: - Defining the testing strategy, managing testing teams, ensuring comprehensive test coverage, coordinating defect resolution, and driving continuous improvements in software quality throughout the project lifecycle. Key Responsibilities: - Own the overall testing strategy, test planning, estimation, scheduling, and execution across projects. - Lead, mentor, and coordinate QA engineers, testers, and third-party testing vendors. - Review business requirements, functional specifications, and user stories for completeness, quality, and testability. - Define testing scope, testing approach, test cases, test data requirements, and entry/exit criteria. - Oversee Functional, Integration, Regression, System, and User Acceptance Testing activities. - Track defects throughout the testing lifecycle and coordinate timely resolution with development teams. - Conduct defect triage meetings and prioritize issues based on business impact. - Monitor testing progress, identify risks, remove blockers, and provide regular status updates to project stakeholders. - Ensure release readiness by validating quality gates and supporting Go/No-Go decisions. - Establish quality metrics, dashboards, and KPI reporting. - Drive QA process improvements and identify opportunities for test automation. - Maintain testing documentation, traceability, compliance, and audit readiness. - Collaborate with Business Analysts, Developers, Product Owners, and Project Managers to ensure successful project delivery. Qualifications - Minimum 5 years of software testing experience with leadership or test coordination responsibilities. - Strong expertise in Software Testing Life Cycle (STLC), SDLC, and defect management processes. - Extensive experience preparing Test Strategy, Test Plans, Test Cases, Test Scripts, and Test Summary Reports. - Strong understanding of Functional, Regression, Integration, System, and UAT Testing methodologies. - Experience with test management tools including JIRA, Zephyr, qTest, HP ALM, Azure DevOps, or equivalent. - Ability to analyze complex business and technical requirements and translate them into effective testing strategies. - Strong experience working in Agile/Scrum and Waterfall delivery models. - Excellent stakeholder management, leadership, communication, and reporting skills. Preferred Skills - Experience leading distributed or offshore QA teams. - Exposure to automation frameworks such as Selenium, Cypress, Playwright, or similar. - Experience with API testing and performance testing tools. - Working knowledge of SQL for data validation. - Familiarity with CI/CD pipelines and DevOps practices. - Experience in highly regulated or enterprise environments is an advantage.


