Penetration Test Engineer
Overview Responsibilities- Plan and perform vulnerability scans and assessments across on-premises, hybrid, and cloud environments.
- Lead scanning activities for servers, endpoints, applications, and cloud infrastructure using tools such as Nessus, Security Center, Tenable.IO, Qualys WAS, and NMAP.
- Analyze and validate scan results, correlate findings, and determine severity and risk impact to prioritize remediation efforts.
- Collaborate with remediation teams, system owners, and senior security staff to track and resolve identified vulnerabilities.
- Monitor and tune scan configurations, troubleshoot scan failures, and recommend optimizations for improved coverage and performance.
- Maintain and update vulnerability tracking systems, dashboards, and compliance reports using tools like ServiceNow, SharePoint, Microsoft SQL, and PowerBI.
- Develop reports, briefs, and metrics to communicate vulnerability status, remediation progress, and compliance standing to leadership.
- Assist in refining policies, procedures, and workflows related to vulnerability management, security operations, and continuous monitoring.
- Stay up to date on emerging vulnerabilities, CVEs, threat intelligence, and best practices to proactively identify risk areas and improve security controls.
- All other duties assigned.
Qualifications- Hands-on experience with vulnerability scanning tools (e.g., Tenable products, Qualys, or NMAP) and interpreting technical scan results.
- Familiarity with patch management processes, vulnerability remediation, and risk prioritization frameworks (e.g., CVSS, CISA KEV, etc.).
- Demonstrated experience supporting vulnerability lifecycle tracking and reporting using platforms such as ServiceNow, SharePoint, or PowerBI.
- Strong understanding of cybersecurity frameworks (e.g., NIST 800-53, NIST CSF) and basic compliance requirements.
Preferred Qualifications- Experience with vulnerability management in cloud environments (Azure, AWS, GCP).
- Proficiency in scripting or automation using Python, PowerShell, SQL, or DAX.
- Familiarity with SIEMs and security tool integration for contextualizing vulnerability data.
- Strong communication and reporting skills, including experience presenting technical findings to non-technical audiences.
- Proven ability to work independently and collaborate with cross-functional teams in a fast-paced environment.
Clearance:- A current DoD secret or higher, clearance.
Education & Experience:- Bachelor's degree in Cybersecurity, Information Technology, or a related field. An additional 2 years of experience may be substituted for a degree.
- Offensive Security Certified Professional (OSCP) Certification
- 3-10 years of experience in cybersecurity, vulnerability management, or security operations.
Location:- Aberdeen Proving Grounds, Maryland.
- Monday-Friday.
Travel:Join the Team: Tech(x) is a customer centric team, both external and internal customers. This team supports each other to be successful on the job and in meeting the mission.
