Penetration Testing Engineer, Senior - Army (TS/SCI)

About The Position

Requirements

• Active TS/SCI clearance - Required
• GPEN (GIAC Penetration Tester) or OSCP (Offensive Security Certified Professional) - Required.
• Minimum 5+ years hands-on experience in penetration testing, vulnerability assessment, or offensive security roles.
• Strong practical experience with common pentest tools and frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Empire, Cobalt Strike, password-cracking tools) and offensive distributions (Kali, Parrot).
• An IAT Level III certification (one of the following: CASP, CCNP, CISA, CISSP, or GCIH)
• Proven ability to develop and modify exploits, payloads, and backdoors; experience with reverse engineering and debugging.
• Solid programming/scripting skills (Python, Bash, PowerShell). Comfortable reading or writing C/C++/assembly when needed for exploit development or binary analysis.
• Deep understanding of web application vulnerabilities (OWASP Top 10), network protocols, authentication systems, and privilege escalation techniques.
• Experience with vulnerability management workflows and bug-tracking systems.
• Excellent written and verbal communication skills; ability to produce high-quality technical reports tailored to technical and non-technical stakeholders.
• U.S. citizenship required.

Nice To Haves

• Experience with targeting cloud platforms (AWS, Azure) and containerized environments.
• Familiarity with CI/CD security, SAST/DAST tooling, and secure SDLC practices.
• Experience with red team operations, social engineering campaigns, or physical/technical assessment integration.
• Additional certifications: OSCE, CREST, CISSP, GWAPT, GPYC, or similar.
• Prior experience in or supporting Army / DoD programs and mission environments.

Responsibilities

• Plan, develop, and execute comprehensive penetration tests against applications, services, hosts, and networks to identify security weaknesses and exploitability.
• Perform hands-on offensive activities including reverse shells, SQL injection, buffer overflow analysis, trojan/backdoor development, password-cracking, privilege escalation, and social-engineering campaigns where authorized.
• Conduct threat and vulnerability assessments, risk analysis, and recommend pragmatic mitigation strategies.
• Develop attack vectors, perform reconnaissance, OSINT collection, enumeration, footprinting, and build exploit payloads/backdoors for testing purposes.
• Test system and software modifications to validate security posture prior to deployment.
• Document findings clearly and concisely in vulnerability reports and trackers; maintain databases of known defects and test artifacts.
• Participate in software design and architecture reviews to provide security input on requirements and operational characteristics.
• Integrate vulnerability management processes and tools into development/operational workflows; advise on secure coding and configuration baselines.
• Mentor junior testers and contribute to team best practices, playbooks, and test automation.
• Support red team / purple team engagements and collaborate with defensive teams to validate mitigations.

Benefits

• Very competitive salary based on qualifications and experience.
• Comprehensive, Company paid Aetna Health Care Medical for you (We pay your premiums and deductibles)
• 401(k) with company match
• Travel & performance incentives
• 3 weeks paid time off (plus Federal Holidays)
• $5K annual training allowance
• $500 book allowance
• Tuition reimbursement program