Penetration Testing - Mid-Level/Senior

EnDyna
McLean, VA
Hybrid

About The Position

EnDyna is seeking experienced Penetration Testers to support the Department of Health and Human Services (HHS) Office of Inspector General (OIG) Cyber Assessment Team. The successful candidate will conduct advanced penetration testing, security assessments, vulnerability analysis, exploitation activities, technical reporting, and cybersecurity consulting supporting Federal audit activities. Candidates will be considered for either Mid-Level or Senior positions based upon education, certifications, and demonstrated experience.

Requirements

  • Mid-Level: Bachelor's degree in Cybersecurity, Computer Science, Information Technology or related field
  • Mid-Level: 4+ years of penetration testing experience
  • Mid-Level: Experience performing network and web application penetration testing
  • Mid-Level: Experience with vulnerability assessment tools
  • Mid-Level: Experience writing professional technical reports
  • Mid-Level: Knowledge of TCP/IP networking
  • Mid-Level: Understanding of Windows and Linux operating systems
  • Senior Level: Bachelor's degree (Master's preferred)
  • Senior Level: 8+ years of penetration testing experience
  • Senior Level: Experience leading penetration testing engagements
  • Senior Level: Advanced exploitation experience
  • Senior Level: Experience with cloud environments
  • Senior Level: Experience mentoring junior testers
  • Senior Level: Experience briefing executive leadership
  • Senior Level: Strong technical writing skills
  • Must be eligible to obtain and maintain an HHS Tier 4 High Risk Public Trust.

Nice To Haves

  • Experience with Burp Suite Pro
  • Experience with Nmap
  • Experience with Nessus
  • Experience with Metasploit
  • Experience with Kali Linux
  • Experience with Wireshark
  • Experience with BloodHound
  • Experience with Impacket
  • Experience with CrackMapExec
  • Experience with PowerShell
  • Experience with Python
  • Experience with Azure
  • Experience with AWS
  • Experience with Docker
  • Experience with Kubernetes
  • Experience with Active Directory
  • Experience with Microsoft Entra ID
  • Experience with Wireless testing tools
  • OSCP
  • OSCE
  • OSEP
  • GPEN
  • GWAPT
  • GXPN
  • GCIH
  • CISSP
  • Security+
  • PNPT
  • CRTO
  • Experience with NIST SP 800-115
  • Experience with OWASP Testing Guide
  • Experience with MITRE ATT&CK
  • Experience with CVSS
  • Experience with Federal cybersecurity environments
  • Experience with FISMA
  • Experience with FedRAMP

Responsibilities

  • Perform external network penetration testing
  • Perform internal network penetration testing
  • Perform web application penetration testing
  • Perform cloud security assessments
  • Perform wireless security assessments
  • Perform mobile application testing
  • Perform container security assessments
  • Perform AI system security assessments
  • Conduct phishing and social engineering assessments
  • Perform information gathering and reconnaissance
  • Enumerate hosts, services, operating systems, applications and network devices
  • Identify vulnerabilities and attack paths
  • Exploit vulnerabilities using approved methodologies
  • Perform post-exploitation activities
  • Demonstrate persistence techniques
  • Evaluate data access and exfiltration opportunities
  • Document countermeasures encountered during testing
  • Validate remediation activities
  • Analyze vulnerability scan results
  • Correlate findings from multiple tools
  • Eliminate false positives
  • Prioritize vulnerabilities based upon risk
  • Map findings to NIST, CVE, OWASP and Federal guidance
  • Develop mitigation recommendations
  • Prepare professional technical documentation including: Rules of Engagement review, Attack confirmation lists, Penetration testing reports, Executive summaries, Technical findings, Risk analyses, Recommendations, Supporting evidence (Screenshots, Logs, Testing artifacts)
  • Participate in planning meetings
  • Conduct entrance conferences
  • Present technical findings
  • Participate in status briefings
  • Explain vulnerabilities to both technical and executive audiences
  • Support audit teams throughout engagements
  • Provide cybersecurity expertise supporting OIG auditors by: Performing vulnerability scans, Analyzing scan results, Advising auditors on security findings, Supporting remote assessments, Participating in technical discussions

Benefits

  • Opportunities for advanced technical growth
  • Flexible remote work environment