Lead Penetration Tester

Location: Annapolis Junction, Maryland, USA

Job Type: Full-Time

Shift: Day

Telework: None

Salary Range: **$100,000 to $200,000 per year

Starting salary is based on minimum education and years of experience and increases based on education and/or experience.

Overview: Lead the offense to strengthen the defense. Seeking a highly skilled lead penetration tester to join a top-tier Agile cybersecurity team focused on securing complex, enterprise-scale environments. In this role, you'll spearhead offensive security assessments across networks, applications, endpoints, cloud services, and mission‑critical systems-simulating real‑world adversaries to uncover vulnerabilities before they can be exploited. You'll collaborate closely with cyber SMEs, engineers, and leadership to shape penetration testing strategies, guide remediation, and influence enterprise-level security posture. Your work will directly safeguard interconnected infrastructures, including LAN/WAN environments, public-facing assets, commercial internet gateways, servers, and user platforms. If you thrive in advanced threat emulation, enjoy unraveling complex technical challenges, and want your expertise to drive major cybersecurity decisions, this is a standout opportunity to lead and innovate.

Security Clearance Requirements:

This position requires all candidates to be U.S. Citizens and possess an active TS/SCI Security Clearance with a Polygraph.

Responsibilities

• Conduct internal and external penetration tests to identify vulnerabilities and recommend mitigation strategies.
• Perform web application penetration tests.
• Execute vulnerability risk assessments.
• Conduct physical penetration tests and social engineering exercises.
• Support cyber incident response activities as needed.
• Assess the security impact of new system developments or changes.
• Review, evaluate, and test mission‑critical software for security weaknesses.
• Define security compliance requirements for new system capabilities.
• Identify and remediate vulnerabilities across the system lifecycle.
• Audit and assess system security configurations using industry‑standard tools and methodologies.
• Coach development teams to improve understanding of vulnerabilities, attack vectors, and mitigation techniques.
• Collaborate with Systems, Test, and Integration Engineering teams to ensure architecture meets stringent security requirements.
• Develop, implement, and enforce security policies, standards, and methodologies.
• Serve as a security SME to Program Managers, technical experts, and internal teams.

Qualifications

Required Skills & Experience:

• Hands‑on experience using penetration testing tools.
• Experience in web development and programming languages (Java, XML, Perl, HTML).
• Experience with programming/scripting (Python, PowerShell, C, JavaScript, etc.).
• Extensive IT security risk assessment experience.
• Experience performing web application and physical pentests.
• Familiarity with web app security tools (Burp Suite, WebInspect, AppDetective).
• Familiarity with Kali Linux and IPS/IDS solutions.
• Strong understanding of the Cyber Kill Chain methodology.
• Experience applying the Risk Management Framework (RMF).
• Experience securing desktop and server OS configurations.
• Ability to collaborate with technical teams and customers to develop mitigation strategies.
• Ability to manage multiple projects and adapt to changing priorities.

Preferred Qualifications:

• Bachelor's degree in a technical/information assurance field and 12+ years of experience.
• One or more of the following certifications strongly preferred:
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • CEH, CISM, GWEB, CISSP
• Extensive experience designing and implementing integrated security services, including:
  • Network penetration testing
  • Antivirus planning
  • Risk analysis
  • Incident response
• Experience supporting application development security, including system certifications and firewall evaluations.