Penetration Testing Engineer IV

IDEMIA
$93,440 - $116,813

About The Position

IDEMIA Public Security, a division of IDEMIA Group, is the leading provider of secure and trusted biometric-based solutions, transforming public and private organizations across the globe. Our industry-enabled and client-specific solutions draw upon decades of expertise in biometrics to revolutionize the fields of public security, justice and public safety, travel and transport, identity, and access control. Built on privacy and trust, our market-leading iris, fingerprint and facial recognition solutions top independent benchmarking for accuracy, fairness and scalability. These exacting standards enable our clients to build safer, fairer societies where people can live, interact, and move about freely. With 4000+ employees around the world and 150+ partners worldwide, we offer more than just a job - we provide a dynamic environment where innovation thrives, opportunities abound, and your talents are valued. Be part of a global leader shaping the future of biometric-based technology.

Requirements

  • Mobile Application Security Testing:
      • iOS and Android penetration testing tools (Frida, Objection, MobSF)
      • Mobile application reverse engineering
      • Runtime application security testing (RAST)
      • Mobile device forensics and analysis
  • Identity & Authentication Security:
      • Biometric security assessment techniques
      • PKI and certificate authority security testing
      • OAuth, SAML, and JWT vulnerability assessment
      • Multi-factor authentication bypass techniques
  • Cloud Security Assessment:
      • AWS security testing methodologies
      • Container and Kubernetes security assessment
      • API security testing (REST/SOAP)
      • Cloud configuration review and hardening
  • General Penetration Testing:
      • Network penetration testing tools (Nmap, Metasploit, Burp Suite)
      • Web application security testing (OWASP Top 10)
      • Social engineering and phishing assessment
      • Wireless network security testing
  • Minimum Required: OSCP (Offensive Security Certified Professional)
  • 5+ years of hands-on penetration testing experience
  • Experience with mobile application security testing
  • Background in testing government or highly regulated systems
  • Experience with identity management and authentication systems
  • Knowledge of compliance frameworks (NIST Cybersecurity Framework, ISO 27001)

Nice To Haves

  • Preferred Additional Certifications:
      • CISSP (Certified Information Systems Security Professional)
      • CEH (Certified Ethical Hacker)
      • GWEB (GIAC Web Application Penetration Tester)
      • GMOB (GIAC Mobile Device Security Analyst)
  • Knowledge of digital identity standards (FIDO Alliance, W3C)
  • Familiarity with government identity verification processes
  • Experience with automated security testing tools
  • Background in secure software development lifecycle (SDLC)
  • Knowledge of privacy regulations (SOC2, GDPR, CCPA)
  • Experience with threat intelligence and adversary simulation

Responsibilities

  • Conduct comprehensive penetration testing of Mobile ID applications (Android and iOS)
  • Perform security assessments of Digital Identity Wallet and Civil Identity backend systems and APIs
  • Test cloud infrastructure security controls across AWS environments
  • Evaluate biometric authentication systems and liveness detection mechanisms
  • Assess PKI implementation, SOC 2, X.509 certificate management, and cryptographic controls
  • Conduct network penetration testing of government integration points and DMV connections
  • Perform social engineering assessments targeting identity verification processes
  • Test mobile SDK security implementations and third-party integrations
  • Evaluate web application security for citizen enrollment portals
  • Assess compliance with government security frameworks (NIST, FedRAMP, FISMA)
  • Develop detailed vulnerability reports with risk ratings and remediation guidance
  • Collaborate with development teams to validate security fixes and implement secure coding practices
  • Participate in threat modeling sessions for new product features
  • Maintain testing tools and develop custom exploits for identity-specific vulnerabilities

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees
