Senior Red Team Engineer III

Berkadia
Ambler, PA
Hybrid

About The Position

Berkadia Commercial Mortgage, LLC seeks a Senior Red Team Engineer III to manage and conduct internal penetration tests on mission-critical internal web applications. This role involves network scanning, footprinting, fingerprinting, process enumeration, exploitation, escalation, and exfiltration. The engineer will document findings with evidence and replication steps, publish results to a Vulnerability Management platform, and track remediation progress. Responsibilities include building reports on findings, remediation data, MTTR compliance, application testing history, and YoY trends. The role also requires maintaining the penetration testing environment, including deploying and managing Kali Linux on a secure jump-box, and updating penetration testing documentation. Additionally, the engineer will provide quarterly updates to the Cyber Risk Management team on NIST framework compliance, lead efforts with development teams on HTTP security headers, manage WAF policies, and mentor junior engineers on vulnerability remediations.

Requirements

  • Bachelor’s degree, or foreign equivalent, in Electronics Engineering, Computer Science, Information Technology, or closely related field.
  • Must have (4) years of experience conducting internal penetration tests from start to end including documentation and remediations of all findings using Metasploit, BurpSuite, Kali Linux, and nmap.
  • Of the (4) years, must have (2) years’ experience maintaining modern cloud infrastructures in AWS and Azure environments including experience with Terraform.
  • (2) years’ experience in Agile development, including Python and Bash.
  • (2) years’ experience managing and deploying Docker container-based assets using Kubernetes.
  • (2) years’ experience utilizing TCP/IP networking both on-premises and in a cloud-based environment including network and web application firewall configuration.

Responsibilities

  • Manage and conduct internal penetration tests on mission-critical internal web applications including network scanning, footprinting, fingerprinting, process enumeration, exploitation, escalation, and exfiltration.
  • Document the results of all findings of internal penetration tests, providing evidence/POC (Proof of Concept) for each finding and how to replicate the results of each finding.
  • Publish the results of internal penetration tests into our Vulnerability Management platform and track the progress of ongoing remediations and provide technical assistance where needed.
  • Build and publish reports showing the following: quarterly, monthly, and yearly internal penetration testing findings and remediation data MTTR (Mean Time to Remediation) compliance metrics; applications to be tested and historical data going back 12 months; YoY trend data for each application tested.
  • Maintain the penetration testing environment including deploying the Kali Linux (or other penetration testing Operating System) to a secure jump-box location within the network and maintaining it.
  • Maintain and update internal penetration testing documentation ensuring that it is up to date with best practices.
  • Provide quarterly updates to our CRM (Cyber Risk Management) team regarding our compliance with NIST (National Institute of Standards and Technology) pen testing frameworks.
  • Lead efforts with development teams to ensure that Berkadia Web Applications are implementing all required HTTP security headers.
  • Manage and maintain all WAF (Web Application Firewall) policies and updates.
  • Be a technical subject matter expert to mentor more junior engineers working on vulnerability remediations.

Benefits

  • Remote work available up to 3 days per week at employer discretion.