Sr. Cyber Penetration Tester

A top government integrator is seeking a Sr. Cyber Penetration Tester to support a large government integrator in Washington, DC.

About the Opportunity:

• Location: Onsite in Washington, DC (slight remote work possible)


• Contract Length: Open-ended contract to hour


• Hours: Core business (EST)


• U.S. Citizenship required - must pass federal background investigation for a Public Trust


• Active Public Trust Clearance or Ability to obtain a Public Trust Clearance

Responsibilities:

• Perform penetration testing services for a wide variety of systems, devices, networks, and applications to identify exploitable vulnerabilities


• Conduct continuous penetration testing of the enterprise


• Assess the effectiveness of security controls implemented to protect systems in support of the Authorization Process, security impact analysis, through change management and as required


• Mimic attacks of threat actors, perform ad-hoc and focused penetration tests for any internal or public websites associated with systems


• Develop and execute plans that include penetration testing of IT systems


• Validate remediation and develop quarterly, annual and ad-hoc penetration testing schedules


• Provide results of information gathered, tactical recommendations, strategic recommendations, and verifies remediation

Qualifications:

• 8 years of hands-on Penetration Testing and Ethical Hacking experience


• Bachelor's or Master's degree in Cybersecurity, Information Security, Computer Science, or a related field


• Offensive Security Certified Professional (OSCP) certification


• Experience working in Red Team Operations, Offensive Security, or Vulnerability Research


• Expert in exploitation techniques, privilege escalation, lateral movement, and post-exploitation tactics


• Strong proficiency with Python, PowerShell, Bash, C, or Assembly for exploit development and scripting


• Familiarity with Active Directory attacks, Kerberoasting, pass-the-hash, and credential dumping


• Experience with cloud security testing (AWS, Azure, Google Cloud Platform) and container security (Docker, Kubernetes)


• Solid understanding of SOC detection techniques and evasion strategies


• Ability to communicate technical vulnerabilities clearly to both technical and non-technical stakeholders


• Experience working with federal agencies or government contractors

Desired Skills:

• One of the following certifications: OSCE, OSEP, OSEE, or OSED (Advanced Offensive Security Certs)


• Certified in one of the following: CISSP, CISM, GPEN, GXPN, or CEH