Penetration Tester - Level III (SD)

As a Penetration Tester - Level III, you will serve as a key te c hni c al leader on our c yberse c urity team, dire c tly c ontributing to the prote c tion of networks and sensitive data for a diverse range of c ustomers, in c luding both c ommer c ial enterprises and government entities. You will lead se c urity engagements, mentor junior staff, and play a c entral role in developing innovative testing tools and c apabilities that enhan c e our ability to emulate sophisti c ated adversaries. This position offers a dynami c , c ollaborative environment that values innovation, te c hni c al ex c ellen c e, and professional growth. You will work with a forward-leaning team that embra c es advan c ed te c hnologies and c onstantly seeks ways to improve se c urity out c omes through robust software development and se c urity automation.

Duties and Responsibilities:

Operating with minimal supervision in support of the Department of Defense (DoD), your responsibilities in c lude:

• Lead Penetration Testing Engagements - Serve as the te c hni c al lead during internal and external se c urity assessments, simulating real-world atta c k te c hniques to identify vulnerabilities and evaluate defenses.

• Vulnerability Analysis and Exploitation - Perform in-depth analysis and exploitation of vulnerabilities a c ross appli c ations, operating systems, and networks, in c luding the development of c ustom exploits.

• Threat Emulation and S c enario Design - C reate and exe c ute c omplex test s c enarios, in c luding red and purple team exer c ises, tailored to c ustomer environments.

• Reporting and Exe c utive Briefings - Produ c e c omprehensive te c hni c al reports and exe c utive-level presentations that c learly c ommuni c ate risks, findings, and a c tionable mitigation strategies.

• Advan c ed Analysis - C ondu c t reverse engineering, stati c /dynami c malware analysis, and offline c ode analysis to un c over hidden threats and support in c ident response efforts.

• C ollaboration - Work c losely with IR/SO C teams as needed during investigations, and c ontribute to the development of internal TTPs, poli c ies, and C ONOPs.

• C lient Intera c tion - Interfa c e with c lients, present findings, and advise stakeholders on strategi c and ta c ti c al se c urity improvements.

• Travel - May require o c c asional travel to c lient sites.

• Software Development & Automation - Design, develop, and integrate custom penetration testing scripts, tools, and automation frameworks using programming languages such as Python, Ruby, and C/C++ . Collaborate with team members to build effective, reusable testing utilities that replicate advanced adversary tactics and improve testing efficiency.

Qualifi c ations:

• Active Top Secret Clearance
• Ba c helor's degree in a related field or 7+ years of experien c e in c yberse c urity or information te c hnology.

• A c tive DoD 8570 IAT Level II (or higher) c ertifi c ation.

• At least one of the following c ertifi c ations in good standing: OS C P, OS C E, OSWA, OSWE, GPEN, GXPN, GWAPT.

• Demonstrated experien c e in both authenti c ated and unauthenti c ated testing s c enarios.

• Deep knowledge of modern network proto c ols, operating systems, web appli c ations, c loud environments, and se c ure c onfiguration pra c ti c es.

• Experien c e identifying and exploiting vulnerabilities a c ross various platforms (e.g., Windows, Linux, ma c OS, network devi c es, web APIs).

• Profi c ient with open-sour c e and c ommer c ial se c urity tools (e.g., Nmap, Kali Linux, C obalt Strike, Burp Suite, et c .).

• Strong software development skills, particularly in Python, Ruby, and C/C++ , with experience creating custom testing tools and automation scripts.

Preferred Experien c e:

• 7+ years of hands-on experien c e in penetration testing and vulnerability assessments.

• 7+ years supporting se c urity operations or threat hunting a c tivities.

• Experien c e developing C2 infrastructure, automated tools, and frameworks for testing and exploitation.

• Familiarity with MITRE ATT& C K, D3FEND, and adversary emulation te c hniques.

• Prior experien c e in red and purple team exer c ises.

• C omfort developing Rules of Engagement, TTPs, and other operational do c umentation.
• Exploit Development capability a plus

Additional Information:

In addition to our c ore work supporting the DoD, our c ompany also undertakes c ommer c ial c yberse c urity initiatives. Team members may be sele c tively engaged in these proje c ts based on their expertise and interests, in c luding advan c ed resear c h and development efforts related to software development and se c urity testing automation.

Why Work for Us?

Core4ce is a team of innovators, self-starters, and critical thinkers-driven by a shared mission to strengthen national security and advance warfighting outcomes.

We offer:

• 401(k) with 100% company match on the first 6% deferred, with immediate vesting
• Comprehensive medical, dental, and vision coverage-employee portion paid 100% by Core4ce
• Unlimited access to training and certifications, with no pre-set cap on eligible professional development
• Tuition assistance for job-related degrees and courses
• Paid parental leave, PTO that grows with tenure, and generous holiday schedules
• Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.

Join us to build a career that matters-supported by a company that invests in you.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.