Penetration Tester

About The Position

Requirements

• Strong understanding of web application security and modern attack techniques.
• Demonstrated ability to distinguish false positives from exploitable issues.
• Proven experience documenting evidence and providing pragmatic remediation guidance.
• Ability to operate within strict rules of engagement and ethical safety constraints.
• U.S. Citizenship or Permanent Residency (Green Card).

Nice To Haves

• Previous experience supporting federal contracting environments.
• Experience with mobile (Android/iOS) or cloud penetration testing (AWS/Azure/GCP).
• Experience with CI/CD and supply chain security testing.
• Familiarity with modern app architectures like microservices and containers.

Responsibilities

• Engagement Scoping & Planning: Partner with stakeholders to define objectives, rules of engagement, and success criteria to ensure safe execution.
• Reconnaissance & Enumeration: Perform passive and active discovery of attack surfaces, services, and APIs to map trust boundaries.
• Manual Application Testing: Conduct deep testing of web and mobile apps aligned with OWASP Top 10 and common design flaws.
• Vulnerability Validation: Safely verify findings such as XSS, SQLi, CSRF, SSRF, and broken access control to demonstrate real-world impact.
• Network & Infrastructure Testing: Identify weaknesses in exposed services, insecure protocols, and misconfigurations across hybrid environments.
• Post-Exploitation Analysis: Assess blast radius, lateral movement paths, and persistence risks while minimizing operational impact.
• Reporting & Remediation: Deliver clear technical reports with reproduction steps and prioritized fixes for both engineers and leadership.

Benefits

• Insurance - health, dental, and vision
• Paid Time Off (PTO) and 11 Federal Holidays
• 401(k) employer match