Penetration Tester, Senior

About The Position

Requirements

• Minimum of 5 years with BS/BA; Minimum of 3 years with MS/MA; Minimum of 0 years with PhD
• Active TS/SCI clearance.
• Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (documented advanced offensive/cyber operations training); OR Relevant professional certification or equivalent experience (examples: CISSP‑ISSEP; ISC2 CSSLP; GIAC GWAPT).
• Offensive security, red‑team, or penetration testing experience with at least 3 years leading complex, high‑impact assessments in enterprise or DoD environments.
• Expert proficiency in reconnaissance, exploitation, post‑exploitation, web application testing (OWASP), phishing/social‑engineering tactics, and evidence preservation.
• Hands‑on experience with advanced tooling (e.g., Burp Suite, Metasploit, Cobalt Strike, custom exploit development) and validation of detection/response capability.
• Proven ability to produce executive‑grade reports, technical evidence packages, and decision‑grade remediation recommendations under time pressure.
• Strong coordination skills for multi‑team operations, adherence to rules of engagement, and safe execution in operational environments.

Nice To Haves

• Prior DoD/ARNG CDAP, red/blue team, or Persistent Penetration Testing mission experience.
• Background in malware analysis or exploit development and experience integrating findings into detection engineering and SOC tuning.

Responsibilities

• Plan and lead advanced penetration testing operations (Network Assistance Visits, Persistent Penetration Testing) to emulate adversary threat models against Army networks.
• Execute complex network, host, and web application assessments to identify vulnerabilities, lateral attack paths, privilege escalation, and control weaknesses.
• Design and conduct advanced phishing and social‑engineering campaigns to evaluate user awareness and defensive effectiveness.
• Support Network Damage Assessments: validate suspected compromises, determine adversary presence/scope/impact, and provide technical findings to inform containment and remediation.
• Produce timely technical reports, evidence bundles, and executive‑level briefings to support incident response and leadership decision‑making.
• Coordinate testing activities with cybersecurity, SOC/CIRT, operations, and engineering teams to deconflict missions and enable rapid mitigation and retest.
• Translate assessment results into actionable recommendations: detection enhancements, configuration changes, and resilience improvements.
• Maintain pentest toolchains, develop repeatable test procedures, and mentor junior testers to build sustained offensive capability.

Benefits

• Overtime
• Shift differential
• Discretionary bonus