Cybersecurity Penetration Tester (Traditional) - SME

Overview

CYBERSECURITY PENETRATION TESTER (TRADITIONAL) - SME

LOCATION: Eglin AFB, FL

JOB STATUS: Full-time

CLEARANCE: Secret

CERTIFICATION: See Below

TRAVEL: 30%

Astrion has an exciting opportunity for a Cybersecurity Penetration Tester - Subject Matter Expert (SME) for the TMAS 2 96 CTG Task Order, supporting the 48 CTS / TGEC, at Eglin AFB, FL.

This SME-level role serves as the technical leader for penetration testing of Department of Defense (DoD) systems within the 48th Cyberspace Test Squadron. The 48 CTS provides a range of cybersecurity support to both the United States Air and Space Forces, and this position represents the highest level of individual technical contribution on the team.
The ideal candidate is a proven expert who has mastered the cooperative cybersecurity testing skillset as applied to DoD environments. In addition to executing technically complex penetration tests, the SME provides strategic direction on test methodologies, mentors senior and mid-level testers, and serves as the authoritative voice on penetration testing approaches, tools, and findings across the program.

This position includes travel to meet 48th CTS mission requirements of up to 30% of the time, primarily within the United States with possible overseas travel.

REQUIRED QUALIFICATIONS / SKILLS

• Demonstrated subject matter expertise in penetration testing of DoD systems; depth of knowledge and operational experience rather than a specific degree or years-of-service threshold is the primary qualifying criterion.
• Active Secret clearance required; must be able to obtain and maintain a Top Secret clearance. U.S. Citizenship required.
• Must meet DOD 8140 Cyber Workforce Foundational Qualification requirements prior to the commencement of work.
• Expert-level proficiency with modern penetration testing tools, frameworks, and methodologies as applied to DoD operational environments.
• Advanced experience testing and exploiting web applications, including complex authentication mechanisms, API attack surfaces, and application logic flaws.
• Exceptional analytical and creative problem-solving skills, including the ability to develop novel attack paths against hardened or previously untested systems.
• Outstanding organizational, decision-making, and written and verbal communication skills - including the ability to present complex technical findings to senior DoD leadership and program offices.
• Demonstrated ability to independently lead, scope, plan, execute, and report on large-scale or high-visibility penetration test events.
• Expert-level knowledge of Windows, Linux (including Kali), and Unix operating systems.
• Ability to operate with full autonomy and provide authoritative guidance under minimal supervision across highly complex and ambiguous engagements.

PREFERRED QUALIFICATIONS / SKILLS

• Proven track record leading penetration test teams through full-lifecycle engagements in DoD acquisition or operational test contexts.
• Deep knowledge of source code vulnerability analysis across multiple language paradigms.
• Expert knowledge of network security architecture and engineering, with the ability to identify systemic weaknesses at scale.
• Expert understanding of wired and wireless network protocol structures and the ability to craft and manipulate traffic at the packet level.
• Advanced proficiency in interpreted languages (Python, Ruby, JavaScript, Bash, PowerShell, PHP, etc.) with a strong capability to develop custom exploitation and automation tooling.
• Proficiency in compiled languages (C, C++, Assembly, Java, etc.) and the ability to reverse-engineer or develop binary-level exploits.
• Relevant advanced certifications: CISSP, CASP, OSCP, OSEP, OSWA, OSWE, OSED, OSCE3, GCIH, GPEN, GWAPT, or equivalent advanced offensive security credentials.

RESPONSIBILITIES

• Serve as the program's primary technical authority on penetration testing, providing definitive guidance on methodology, tooling, scope, and risk assessment decisions.
• Conduct highly complex and independent penetration tests against DoD systems, networks, applications, and platforms - including novel or first-of-kind targets.
• Lead the development of advanced test tools, custom exploits, and strategic testing frameworks tailored to DoD cybersecurity evaluation requirements.
• Perform in-depth system security analysis to identify and characterize vulnerabilities across operating systems (Windows, Linux, Unix), software, and databases (Apache, SQL Server, Oracle, etc.).
• Mentor and technically develop senior and mid-level penetration testers, elevating overall team capability and ensuring consistency of tradecraft.
• Establish and maintain quality standards for test documentation, findings reporting, and evidence collection across the team.
• Translate complex technical findings into clear, actionable reports and briefings for both technical audiences and senior non-technical DoD stakeholders (written and oral).
• Provide authoritative technical leadership in the management, planning, and execution of Cooperative Vulnerability Identification (CVI), Adversarial Cyber Defense (ACD), and Cooperative Vulnerability and Penetration Assessment (CVPA) events.
• Collaborate directly with DoD Program Offices to define test scope, negotiate rules of engagement, assess mission risk, and present findings at program-level reviews.
• Identify and advocate for adoption of emerging tools, techniques, and threat-informed testing approaches relevant to DoD operational environments.

#CJ

#LI-AD1