No third-party candidates will be considered for this position. U.S. citizens only, due to the federal clearance requirement.
Candidates willing to relocate to Washington, DC can also apply.
We are seeking an experienced Penetration Tester with a strong background in security testing across AWS and Microsoft 365 products. The ideal candidate will be skilled in assessing applications, networks, and databases, with proficiency in both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). A deep understanding of code reviews, attack modification, and exploit techniques is also essential.
Key Responsibilities:
- Conduct thorough penetration testing on applications, networks, and databases.
- Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
- Conduct detailed code reviews to uncover security vulnerabilities.
- Modify attacks and exploits, effectively utilizing Metasploit modules and other exploit frameworks.
- Script in Python, Bash, and other relevant scripting languages for automating testing tasks and tool development.
- Identify and mitigate OWASP Top 10 vulnerabilities, ensuring secure application and infrastructure deployments.
- Leverage security assessment tools for vulnerability scanning, network testing, and system hardening.
- Generate comprehensive reports on findings, risks, and recommended remediation actions.
- Collaborate with development, infrastructure, and management teams to ensure security is integrated across the entire system lifecycle.
Key Requirements:
- Proven hands-on experience in penetration testing of AWS and Microsoft 365 environments.
- Deep expertise in SAST and DAST methods.
- Familiarity with modifying attacks and exploits and with using Metasploit modules.
- Proficiency in scripting languages (Python, Bash).
- Strong understanding of OWASP Top 10 vulnerabilities.
- Ability to perform security testing for APIs.
- Experience with common penetration testing tools (e.g., Burp Suite, Metasploit, HailStorm).
- Strong analytical and problem-solving skills.
- Excellent communication skills for both technical and non-technical audiences.
- Knowledge of threat modeling and risk assessment methodologies.
- Certifications such as CEH, OSCP, or equivalent.