Job Requirements
Washington, DC
Dept of Homeland Security Full Scope Polygraph
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries
Job Description
Job Description
Tharros is seeking a Senior Penetration Testing, Software Assurance and Vulnerability Assessment Engineer to support a DHS Intelligence and Analysis cybersecurity program in the National Capital Region.
This role will support advanced penetration testing, software assurance, vulnerability assessment, cyber supply chain risk management, secure cloud and hybrid engineering, and cross-domain security assessment activities. The ideal candidate is a senior technical assessor who can go beyond automated scanning to identify systemic weaknesses, validate exploitability, assess operational impact, and provide clear remediation recommendations for complex mission environments.
Responsibilities:
Requirements
Preferred Qualifications:
Summary
Tharros combines extensive cyber defense knowledge with the world's preeminent vulnerability expertise to identify and defend against attacks before they become problems. Working at mission speed, we harden mission systems faster and secure them for longer, so agencies never lose the mission edge. Tharros lifts the veil of enterprise cybersecurity to detect zero days before they affect you, enabling mission maneuverability and the confidence to move missions forward.
In the ever-evolving realm of cyberspace, we are dedicated to becoming the paramount defender in the 5th warfighting domain. By pioneering innovative security solutions and fostering an environment of continuous learning and vigilance, we aim to protect the interests of our nation's security. Our commitment to excellence in cybersecurity will establish new benchmarks, transforming the digital landscape into a secure and thriving frontier for future generations.
Tharros. See Everything. Secure Anything.
Tharros is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer and make employment decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected status.
Tharros is seeking a Senior Penetration Testing, Software Assurance and Vulnerability Assessment Engineer to support a DHS Intelligence and Analysis cybersecurity program in the National Capital Region.
This role will support advanced penetration testing, software assurance, vulnerability assessment, cyber supply chain risk management, secure cloud and hybrid engineering, and cross-domain security assessment activities. The ideal candidate is a senior technical assessor who can go beyond automated scanning to identify systemic weaknesses, validate exploitability, assess operational impact, and provide clear remediation recommendations for complex mission environments.
Responsibilities:
- Conduct penetration testing, vulnerability assessments, software assurance, and cyber supply chain risk management activities for Federal mission systems.
- Perform full-scope security testing using established methodologies such as MITRE ATT&CK, OWASP, NIST 800-115, and related Federal or IC assessment practices.
- Support pre-engagement planning, rules of engagement, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.
- Use approved automated and manual testing methods to identify vulnerabilities, validate exploitability, and assess potential business and operational impacts.
- Identify vulnerabilities commonly missed by automated tools through manual, expert-driven testing techniques.
- Assess SOC detection and response capabilities through controlled testing activities.
- Produce penetration testing reports, vulnerability assessment reports, software assurance recommendations, and corrective action guidance.
- Support software assurance through vulnerability and compliance testing, source code review, static/dynamic analysis, dependency review, and software supply chain risk identification.
- Conduct vulnerability assessments and interpret results to recommend corrective actions and mitigation strategies.
- Support secure cloud, hybrid, DevSecOps, application, identity, API, microservices, CI/CD, Zero Trust, and cross-domain assessment activities.
- Maintain secure testing kits and assessment tooling, including patching, configuration updates, and approved tool management.
- Update and maintain penetration testing, SCRM, and vulnerability assessment procedures.
- Support audits, working groups, and stakeholder briefings related to penetration testing, software assurance, vulnerability assessment, and cyber supply chain risk.
- Identify opportunities to improve testing processes, automate assessment workflows, strengthen reporting, and produce useful metrics for leadership and technical stakeholders.
- Translate assessment findings into actionable remediation plans, risk insights, POA&M inputs, dashboards, and decision-ready reporting.
Requirements
- Active TS/SCI
- 10+ years of related cybersecurity assessment, penetration testing, software assurance, vulnerability assessment, or cyber supply chain risk experience.
- 2+ years of recent experience in each of the following areas: software assurance, penetration testing with automated tools, vulnerability assessment, security patch management, secure cloud and hybrid engineering, and
- Cross Domain Solutions.
- CEH and CISSP certifications, or comparable demonstrable experience.
- Experience conducting penetration testing, vulnerability assessments, software assurance, source code review, SCRM, and cyber supply chain management activities.
- Experience using both automated tools and manual testing processes to identify, validate, and document vulnerabilities.
- Experience producing technical reports, corrective action recommendations, mitigation strategies, and executive-ready summaries.
- Strong understanding of vulnerability management, exploitability, secure configuration, remediation validation, and operational risk.
- Strong written and verbal communication skills.
- Ability to work onsite at a government-approved location as required.
Preferred Qualifications:
- Prior DHS, Intelligence Community, DoD, CISA, classified red team, software assurance, SCRM, CVPA, vulnerability research, or national security cyber assessment experience.
- Experience with MITRE ATT&CK, OWASP, NIST 800-115, IC "Raise the Bar," NIST SP 800-161, CNSSI 1253, DHS 4300C, or related Federal/IC cybersecurity frameworks.
- Experience testing cloud, application, identity, API, microservices, CI/CD, DevSecOps, Zero Trust, cross-domain, and hybrid TS/SCI environments.
- Experience with SBOM analysis, static/dynamic code analysis, dependency review, source code review, exploit validation, secure configuration, and remediation validation.
- Experience with GRC platforms such as Archer, eMASS, or Xacta, including the ability to translate findings into POA&Ms, dashboards, scorecards, and remediation workflows.
Summary
Tharros combines extensive cyber defense knowledge with the world's preeminent vulnerability expertise to identify and defend against attacks before they become problems. Working at mission speed, we harden mission systems faster and secure them for longer, so agencies never lose the mission edge. Tharros lifts the veil of enterprise cybersecurity to detect zero days before they affect you, enabling mission maneuverability and the confidence to move missions forward.
In the ever-evolving realm of cyberspace, we are dedicated to becoming the paramount defender in the 5th warfighting domain. By pioneering innovative security solutions and fostering an environment of continuous learning and vigilance, we aim to protect the interests of our nation's security. Our commitment to excellence in cybersecurity will establish new benchmarks, transforming the digital landscape into a secure and thriving frontier for future generations.
Tharros. See Everything. Secure Anything.
Tharros is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer and make employment decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected status.
group id: 10518809