Senior Penetration Tester

About The Position

Requirements

• An active Secret security clearance is required at the time of proposal submission.
• 6+ years of proven proficiency performing extensive vulnerability assessments and penetration testing
• 3+ years of experience using testing tools including NESSUS, Metasploit, CANVAS, Nmap, Burp Suite, and Kismet
• 3+ years of experience performing network vulnerability assessments and applying penetration testing methodologies
• 3+ years of experience writing penetration testing and assessment reports
• 2+ years of experience administering, using, and troubleshooting Windows Server and IIS
• 2+ years of experience administering, using, and troubleshooting a major Linux distribution
• 2+ years of experience performing PCI DSS testing
• Possession of one or more penetration testing certifications such as Licensed Penetration Tester (LPT), Certified Expert Penetration Tester (CEPT), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN)
• Knowledge of TCP/IP protocols and networking architectures
• Knowledge of open security testing standards and projects, including OWASP
• Knowledge of database, application, and web server design and implementation
• Experience scripting in Perl, Python, Ruby, Bash, or Java
• Experience with wireless LAN security testing
• Excellent oral communication, written documentation, and presentation skills

Nice To Haves

• Experience supporting DLA contracts
• Bachelor’s degree in a relevant technical field
• Project Management Professional (PMP) certification
• Familiarity with enterprise networks and systems, including servers, databases, APIs, and Active Directory
• Familiarity with web application concepts such as session management, business logic, and input validation
• Familiarity with AI and large language model (LLM) security concerns, including data poisoning and prompt injection exploitation
• Familiarity with operational technology (OT) environments, including SCADA system security and PLC security
• Familiarity with wireless networks, including Bluetooth security and wireless intrusion detection and prevention systems (WIDS/WIPS)
• Familiarity with DevSecOps pipelines, including SAST, DAST, and SCA implementation and automated security testing
• Familiarity with hybrid environments, including the interconnectivity and security of on-premises and cloud-based systems

Responsibilities

• Independently performs penetration testing of applications, systems, and enclaves
• Identifies security flaws in computing platforms and applications and devises strategies and techniques to mitigate identified cybersecurity risks
• Performs application, network, and wireless penetration testing and security assessments
• Applies offensive cybersecurity testing techniques and coordinates testing projects with internal and external system owners
• Reports on identified cybersecurity risks and recommends mitigation measures to improve the overall cybersecurity posture of the enterprise
• Applies in-depth knowledge of network protocols, operating systems, web application security, reverse engineering, and scripting languages to identify and mitigate vulnerabilities before they can be exploited by threat actors
• Continuously refines and improves cybersecurity defenses and incident response plans
• Supports the development of Assessment Final Reports, Mitigation Effectiveness Reports, and Rules of Engagement
• Supports daily hotwash events, briefings and presentations, and scoping meetings

Benefits

• We offer multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, short- and long-term disability all available to them.
• BMA proudly maintains a 401(k) plan with an industry leading 6% match that can include profit sharing based on company performance.
• Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements.