Unclassified - McLean, VA
posted 3 months ago
The Penetration Tester, Expert position is a full-time role based in McLean, VA, requiring a TS/SCI with CI Polygraph security clearance. The primary responsibility of this role is to conduct internal penetration testing and vulnerability assessments across various platforms, including servers, web applications, web services, and databases. The successful candidate will manually exploit and compromise operating systems, web applications, and databases to identify vulnerabilities, misconfigurations, and compliance issues. This role demands a thorough examination of results from web/OS scanners, scans, and static source code analysis, followed by the documentation of findings in comprehensive reports.

In addition to technical skills, the position requires the ability to effectively communicate and coordinate with diverse audiences, including developers, system administrators, project managers, and senior government stakeholders. The candidate will be responsible for providing security recommendations tailored to these stakeholders and will need to defend all findings, including the associated risks or vulnerabilities, mitigation strategies, and references.

The role also involves writing penetration testing Rules of Engagement (RoE), Test Plans, and Standard Operating Procedures (SOP), as well as conducting security reviews and technical research to enhance security defense mechanisms.

The ideal candidate will have experience with NIST 800-53 and the Risk Management Framework, along with a strong foundation in security practices and principles. This position is critical in ensuring the security posture of the organization and requires a proactive approach to identifying and mitigating potential security threats.