Penetration Tester, Journeyman

About The Position

Requirements

• 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
• Active TS/SCI clearance.
• Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR Relevant DoD/military training (if applicable); OR Relevant professional certification or equivalent experience (examples: CSC, CSSLP, GCSA, GSEC, Security+).
• Penetration testing, vulnerability assessment, red‑team, or offensive security experience.
• Practical skills in reconnaissance, exploitation, post‑exploitation, web application testing (OWASP), social‑engineering assessments, and evidence preservation.
• Familiarity with common pentest tools and frameworks (Burp, Metasploit, Nmap, etc.), and ability to document reproducible findings and remediation steps.
• Ability to coordinate safely in operational environments, follow rules of engagement, and hand off findings to defenders for remediation and retest.
• Strong technical writing for producing evidence bundles, technical summaries, and actionable recommendations.

Nice To Haves

• Prior DoD/ARNG CDAP, red/blue team, or persistent penetration testing experience.
• Experience mapping findings to detection engineering and supporting SOC/IDS tuning for improved coverage.

Responsibilities

• Execute penetration testing activities per CDAP mission plans: reconnaissance, exploitation attempts, post‑exploitation validation, and evidence collection.
• Conduct network, host, and application assessments to identify attack paths, misconfigurations, and control weaknesses aligned with adversary threat models.
• Support Network Assistance Visits and Persistent Penetration Testing events under senior guidance; perform validation tasks during Network Damage Assessments to check for compromise indicators.
• Perform web application testing, phishing/social‑engineering assessments, and document results to evaluate defensive effectiveness.
• Collaborate with cybersecurity, SOC/CIRT, and operations teams to coordinate test schedules, deconflict activities, and support remediation and retesting.
• Produce technical notes, evidence bundles, preliminary findings, and input for formal assessment reports and mission documentation.
• Capture detection gaps and recommended mitigations; translate test observations into detection opportunities and follow‑on validation tasks.
• Maintain and validate penetration testing toolsets, repeatable test procedures, and workflow improvements for mission environments.

Benefits

• Overtime
• Shift differential
• Discretionary bonus