Cyber Penetration Tester - Subject Matter Expert

Overview

We are seeking an experienced Cyber Penetration Tester - SME to join our client’s team. In this role you will lead penetration testing efforts to assess the client's systems security, identify vulnerabilities, recommend NIST 800-53-compliant remediations, maintain the systems infrastructure, and develop tools to automate security processes.

Per our client contract, candidates must be U.S. Citizens, possessing a Secret clearance with eligibility to obtain a Top Secret security clearance.

This role follows a rotating hybrid schedule based in Arlington, VA:

• Week 1: 2 days onsite, 3 days remote
• Week 2: 3 days onsite, 2 days remote

Responsibilities

• Conduct and lead penetration testing activities to evaluate the security of our client's systems.
• Identify security vulnerabilities and propose actionable remediations to meet the requirements of NIST 800-53 controls.
• Communicate findings effectively to system owners and engineers, including demonstrations where necessary.
• Manage and maintain the systems infrastructure.
• Develop or enhance tools to automate discovery and exploitation processes.

Qualifications

Required Qualifications:

• Bachelor’s degree in a relevant field with 9 years of experience in Cyber/IT, or a Master’s degree with 7 years of relevant experience. An additional 4 years of IT security or penetration testing experience may be considered in lieu of a degree.
• Minimum of 5 years of hands-on experience in penetration testing.
• Possess or be able to obtain before the start date one of the following certifications: CCNA-Security, CND, CySA , GICSP, GSEC, Security CE, SSCP.
• Proficiency with Kali Linux.
• Experience using penetration testing tools such as Nmap, Burp Suite, and Metasploit.
• Proven ability to evaluate vulnerabilities, conduct root cause analysis, and report findings using methodologies like NIST SP 800-115, PTES, ISSAF, or OWASP WTG.
• Demonstrated leadership skills in guiding Senior and Junior Penetration Testers during assessments.
• U.S. citizenship with an active Secret security clearance and eligibility to obtain a final Top Secret security clearance.

Preferred Qualifications:

• Active Top Secret or TS/SCI clearance.
• Advanced certifications in IT security, such as CompTIA CASP , ISC2 CISSP, ISC2 CCSP, or ISC2 ISSEP.
• Certifications demonstrating practical penetration testing expertise, such as OSCP, Hack the Box CPTS, PNPT, or GXPN.
• Zero Point Security Red Team Ops II certification.
• Advanced knowledge of:
  • NIST Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes.
  • Security principles (CIA, IAAAA, access control, risk management, etc.).
  • Networking (IP routing, TCP/UDP, VPNs, firewalls, NAT, etc.) and common network protocols (SSH, FTP, SMTP, SMB, HTTP, etc.).
  • Operating systems (process, device, user management, file systems, etc.).
  • Data processing (encoding, hashing, encryption, etc.).
  • Scripting/programming languages (Bash, Python, PowerShell, JavaScript, etc.).
  • Application vulnerabilities (outdated components, misconfigurations, input validation, logging/monitoring failures, etc.).
  • Web application vulnerabilities (XSS, SQLi, LFI, file uploads, authentication flaws, etc.).
  • Active Directory (AD) attacks, including kerberoasting, AS-REP roasting, privilege abuse, golden ticket crafting, etc.
  • Public Key Infrastructure (PKI) and multifactor authentication.
  • Cloud platforms and technologies (AWS, Azure, GCP).

Check out our Referral Program!The Squires Group will pay you for every qualified professional that you refer and we place. If you see a position posted by The Squires Group and know the perfect person for the job, please send us your referral. For more information, go to https://bit.ly/squiresreferral.

#LI-JT1

#LI-hybrid