Penetration Tester, Lead

About The Position

Requirements

• Hands‑on experience using penetration testing tools.
• Experience in web development and programming languages (Java, XML, Perl, HTML).
• Experience with programming/scripting (Python, PowerShell, C, JavaScript, etc.).
• Extensive IT security risk assessment experience.
• Experience performing web application and physical pentests.
• Familiarity with web app security tools (Burp Suite, WebInspect, AppDetective).
• Familiarity with Kali Linux and IPS/IDS solutions.
• Strong understanding of the Cyber Kill Chain methodology.
• Experience applying the Risk Management Framework (RMF).
• Experience securing desktop and server OS configurations.
• Ability to collaborate with technical teams and customers to develop mitigation strategies.
• Ability to manage multiple projects and adapt to changing priorities.
• This position requires all candidates to be U.S. Citizens and possess an active TS/SCI Security Clearance with a Polygraph.

Nice To Haves

• Bachelor's degree in a technical/information assurance field and 12+ years of experience .
• One or more of the following certifications strongly preferred: GIAC Web Application Penetration Tester (GWAPT) GIAC Penetration Tester (GPEN) CEH, CISM, GWEB, CISSP
• Extensive experience designing and implementing integrated security services, including: Network penetration testing Antivirus planning Risk analysis Incident response
• Experience supporting application development security, including system certifications and firewall evaluations.

Responsibilities

• Conduct internal and external penetration tests to identify vulnerabilities and recommend mitigation strategies.
• Perform web application penetration tests.
• Execute vulnerability risk assessments.
• Conduct physical penetration tests and social engineering exercises.
• Support cyber incident response activities as needed.
• Assess the security impact of new system developments or changes.
• Review, evaluate, and test mission‑critical software for security weaknesses.
• Define security compliance requirements for new system capabilities.
• Identify and remediate vulnerabilities across the system lifecycle.
• Audit and assess system security configurations using industry‑standard tools and methodologies.
• Coach development teams to improve understanding of vulnerabilities, attack vectors, and mitigation techniques.
• Collaborate with Systems, Test, and Integration Engineering teams to ensure architecture meets stringent security requirements.
• Develop, implement, and enforce security policies, standards, and methodologies.
• Serve as a security SME to Program Managers, technical experts, and internal teams.

Benefits

• Health Insurance: Comprehensive medical, dental, and vision plans.
• Retirement Plan: 401(k) with company match.
• Paid Time Off: Generous PTO policy including vacation, sick leave, and holidays.
• Professional Development: Opportunities for training, certifications, and career advancement.
• Work-Life Balance: Flexible work schedules and remote work options.
• Wellness Programs: Employee assistance programs, wellness initiatives, and gym membership discounts.