Graham Technologies - Camp Springs, MD
posted 4 days ago
Full-time - Mid Level
Hybrid - Camp Springs, MD
Professional, Scientific, and Technical Services
About the position
We are seeking a highly skilled Penetration Tester to join our cybersecurity team serving our client in Camp Spring, MD. The ideal candidate will have extensive hands-on experience performing penetration tests and ethical hacking across Amazon Web Services (AWS), Microsoft Azure, and On-Premise environments. This role requires expertise in identifying vulnerabilities, exploiting them, and providing actionable recommendations to strengthen security postures. Note: This hybrid role requires the candidate to be on the client site at least one day per week, preferably on Tuesdays.
Responsibilities
- Conduct comprehensive penetration tests on AWS, Azure, and on-premise systems, including networks, applications, APIs, and infrastructure.
- Perform reconnaissance, vulnerability scanning, exploitation, privilege escalation, and post-exploitation tasks.
- Collaborate with cross-functional teams to assess and validate security vulnerabilities.
- Develop, customize, and execute advanced attack scenarios tailored to client environments.
- Provide detailed reports, including an executive summary, technical findings, risk assessments, and actionable recommendations.
- Stay up-to-date with emerging threats, vulnerabilities, and trends in cybersecurity.
- Assist in building and enhancing penetration testing tools and methodologies.
- Deliver technical presentations and debriefs to stakeholders, translating complex findings into understandable terms.
- Ensure compliance with industry standards and frameworks like OWASP, NIST, and MITRE ATT&CK.
Requirements
- Security Clearance: Ability to obtain a Secret Clearance.
- A minimum of 5 years of proven penetration testing and ethical hacking experience.
- Hands-on experience in penetration testing across AWS, Azure, and On-Premise environments.
- Strong understanding of APIs, DevOps pipelines, CI/CD systems, and secure cloud infrastructure.
- Proficiency in penetration testing tools (e.g., Burp Suite Pro, Metasploit Framework, Kali Linux, Cloudsploit, Prowler, Scoutsuite, Pacu, CloudCheckr, AWS CLI, and Kali CLI, Tenable, and others).
- Advanced scripting and coding skills in Python, PowerShell, or Bash.
- Familiarity with web application vulnerabilities, OWASP Top 10, and secure coding practices.
- Expertise in API security testing and cloud-native vulnerabilities.
- Experience with Active Directory and enterprise network penetration testing.
- Bachelor's degree in Cybersecurity, Software Development, Database Management, or related fields. Equivalent work experience may be considered in lieu of a degree.
Nice-to-haves
- Master's degree in Cybersecurity or a related field.
- Experience performing red teaming and adversary emulation exercises.
- Knowledge of compliance frameworks such as FISMA and NIST 800 Series.
- Demonstrated ability to write custom exploits and tools.
Benefits
- Four Week's Accrued PTO First Year
- Ten Paid Federal Holidays
- Health, Dental, Vision, and Life Insurance
- 401(k) Plan with Annual Employer Contributions
- Flexible Schedules
- Reimbursements for Continued Education and Training
