Cybersecurity Test Engineer, Penetration Tester

Job Description:

The team is searching for a penetration tester to support the 48th Cyber Space Test Squadron, the United States Air Force, and the United States Space Force at Eglin Air Force Base, Florida. The Cybersecurity Penetration Test Team conducts security analysis and assessments on Air Force and Space Force systems to better understand cybersecurity vulnerabilities, characterize security risks, and make recommendations on corrective actions.

If you enjoy working in a fast-paced multi-disciplinary environment, learning new technology areas, this is the team for you. The team provides opportunities to advance your cybersecurity career and experience through on-the-job training, hands on testing, self-paced learning, and program and project management by working directly with experienced team members with many years in the cybersecurity field and professional certifications like OSCP, OSEP, OSWA, OSWE, OSED, OSCE, GCIH, GPEN, and/or GWAP. If you have a technical cyber-background and want to learn more about penetration and other cyber testing, this is the job for you.

We are looking for professionals with a cyber testing background, who have strength in penetration testing field. We are also seeking technical experience working with Kali Linux and other penetration test tools. Additional experience can include vulnerability analysis, network/security engineering, network protocol structures, interpreted and compiled computer languages, and information technologies like Windows, Linux, Unix, Cisco, Databases, web servers, computer virtualization, containers, and cloud computing. With one or more cyber certifications in one of the listed areas and are highly motivated to learn the others. Position responsibilities can span from compliance testing to penetration testing, depending on skillset.

When executing test events, work hours can be extended and may vary. Test events are typically 1-2 weeks in length. Travel requirements are typically 1 week per month.

This position provides cybersecurity support directly to the 48th Cyberspace Test Squadron at Eglin AFB, FL. This support includes the following:

Essential Duties and Responsibilities

• Conduct independent penetration testing, data collection, test automation, and reporting
• Develop test tools and strategies for cybersecurity testing in DOD
• Perform system security analysis on systems and/or software to understand and identify vulnerabilities
• Execute hands-on testing which includes significant technical skills with multiple operating systems. (Windows, Linux, Unix, IOS (network)) as well as software/databases (SQL Server, Oracle)
• Provide technical guidance and expertise to test teams
• Document and communicate test results effectively to technical and non-technical user groups in written and oral formats
• Significant knowledge of Windows and Linux (including Kali) Operating Systems

At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our "Family of Professionals!" Learn about our employee-centric culture and benefits here .

Required Experience

Required Experience

• Must have one of the following combinations of education and experience
  • Bachelor Degree and 3-4 years of applicable experience
  • Associate's Degree and 7-8 years of experience
  • High School Diploma or equivalent with a minimum of 9-12 years
• Must be a U.S. Citizen. Must be able to obtain an interim DoD Secret clearance prior to start date and ultimately obtain and maintain a final Top Secret (Single Scope Background Investigation) clearance.
• Demonstrated experience with penetration testing tools and methodologies (e.g., Kali Linux suite, Metasploit, Burp Suite, Nmap).
• Strong knowledge of computer networking concepts, protocols (TCP/IP, UDP), and network security methodologies (e.g., firewalls, IDS/IPS, VPNs, routing/switching).
• Proven ability to identify, analyze, and exploit common web applications, network, and system vulnerabilities (e.g., SQLi, XSS, RCE, misconfigurations).
• Hands-on experience with multiple operating systems (Windows, Linux, Unix) and an understanding of their system administration concepts and security configurations.
• Excellent analytical and problem-solving skills with the ability to function effectively in a dynamic, fast-paced environment.
• Ability to document and communicate complex technical findings, risks, and recommendations effectively to both technical and non-technical audiences in written and oral formats.
• High degree of self-initiative and motivation, with the ability to work effectively independently or as part of a team.
• Must obtain one of the DoD 8140 Compliance certifications within 6 months

Preferred Skills and Qualifications

• Active DoD Top Secret clearance highly desired
• DoD 8140 Compliance: DoD cyber workforce certifiction is highly desired. Possible certifications include: Offensive Security Certified Professional (OSCP); GIAC Penetration Tester (GPEN); GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); Certified Ethical Hacker (CEH); GIAC Web Application Penetration Tester (GWAPT); or Offensive Security Web Expert (OSWE)
• Experience performing penetration test events
• Knowledge of source code vulnerability analysis
• Knowledge of network security/engineering
• Knowledge of common wired and wireless network protocol structures
• Experience using interpreted languages (Python, Ruby, JavaScript, PHP, etc.).
• Knowledge of compiled languages (Python, Rust, Go, C, C++, Assembly, Java, etc.)
• Certifications: OSCP, OSEP, OSWA, OSWE, OSED, OSCE, GCIH, GPEN, and/or GWAP
• Advanced cybersecurity certifications such as OSCE, OSEP, OSED
• Experience developing custom scripts or tools to automate testing tasks and parse data (e.g., in Python, PowerShell, Perl).
• Knowledge of compiled and interpreted programming languages, computer virtualization, containers, and cloud computing environments (AWS, Azure, Oracle, GCP).
• Experience with system and network architecture, security architecture models, and secure configuration hardening.
• Familiarity with the DoD Risk Management Framework (RMF) and compliance testing.
• Knowledge of operational planning, the Cyber Tasking Order (CTO) cycle, and developing exploitation strategies.

Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.