Cyber Penetration Tester

We are seeking a Cyber Penetration Tester to conduct comprehensive security assessments for federal government systems. This position is located in Washington, D.C. Active Secret Clearance is required.

Position Description:
The Senior Cyber Penetration Tester will perform advanced security testing across diverse systems and environments to identify and exploit vulnerabilities.

Key responsibilities:

• Conduct continuous penetration testing of enterprise IT environments
• Perform security assessments on various platforms including mobile devices, web applications, APIs, and databases
• Execute red team operations emulating Advanced Persistent Threat (APT) actors
• Develop and implement phishing assessments
• Perform network mapping and vulnerability scanning
• Validate security control effectiveness
• Create detailed test plans and standard operating procedures
• Verify remediation of identified vulnerabilities
• Conduct source code analysis
• Assess authentication and authorization mechanisms
• Test cryptographic implementations
• Develop comprehensive technical reports and recommendations

Required Education and Experience:

• Bachelor's degree in Cybersecurity, Computer Science, or related field, OR 4+ years of experience in penetration testing, OR Security certification (e.g. Security+, SecurityX, CySA+, GCIH, GSE, CISA, CISM, etc.)
• Demonstrated experience in security testing and vulnerability assessment
• An Active Secret Clearance

Required Skills and Competencies:

• Expert knowledge of penetration testing methodologies and tools
• Experience with web application security testing
• Proficiency in network security assessment
• Knowledge of mobile device and application security
• Experience with API security testing
• Strong understanding of database security
• Expertise in social engineering techniques
• Ability to develop and execute test plans
• Experience with security tools and frameworks
• Strong technical writing and documentation skills
• Excellence in vulnerability identification and exploitation
• Knowledge of threat actor TTPs

Desired Skills and Competencies:

• Additional security certifications (e.g. OSCP+, CEH, GPEN)
• Programming/scripting capabilities
• Experience with cloud security testing
• Knowledge of DevSecOps practices
• Red team operation experience
• Familiarity with federal security requirements
• Experience with automated testing tools
• Understanding of compliance frameworks
• Incident response experience
• Malware analysis skills