We are seeking a Cyber Penetration Tester to conduct comprehensive security assessments for federal government systems. This position is located in Washington, D.C. Active Secret Clearance is required.
Position Description:
The Senior Cyber Penetration Tester will perform advanced security testing across diverse systems and environments to identify and exploit vulnerabilities.
Key responsibilities:
- Conduct continuous penetration testing of enterprise IT environments
- Perform security assessments on various platforms including mobile devices, web applications, APIs, and databases
- Execute red team operations emulating Advanced Persistent Threat (APT) actors
- Develop and implement phishing assessments
- Perform network mapping and vulnerability scanning
- Validate security control effectiveness
- Create detailed test plans and standard operating procedures
- Verify remediation of identified vulnerabilities
- Conduct source code analysis
- Assess authentication and authorization mechanisms
- Test cryptographic implementations
- Develop comprehensive technical reports and recommendations
Required Education and Experience:
- Bachelor's degree in Cybersecurity, Computer Science, or related field, OR 4+ years of experience in penetration testing, OR Security certification (e.g. Security+, SecurityX, CySA+, GCIH, GSE, CISA, CISM, etc.)
- Demonstrated experience in security testing and vulnerability assessment
- An Active Secret Clearance
Required Skills and Competencies:
- Expert knowledge of penetration testing methodologies and tools
- Experience with web application security testing
- Proficiency in network security assessment
- Knowledge of mobile device and application security
- Experience with API security testing
- Strong understanding of database security
- Expertise in social engineering techniques
- Ability to develop and execute test plans
- Experience with security tools and frameworks
- Strong technical writing and documentation skills
- Excellence in vulnerability identification and exploitation
- Knowledge of threat actor TTPs
Desired Skills and Competencies:
- Additional security certifications (e.g. OSCP+, CEH, GPEN)
- Programming/scripting capabilities
- Experience with cloud security testing
- Knowledge of DevSecOps practices
- Red team operation experience
- Familiarity with federal security requirements
- Experience with automated testing tools
- Understanding of compliance frameworks
- Incident response experience
- Malware analysis skills