Koniag Government Services

Penetration Testers - Senior (Lead)

Koniag Government Services$100K — $130K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, or related field.
  • 8+ years of progressive offensive security experience, with at least 4 years in a senior role.
  • Demonstrated experience in federal government or large enterprise environments.
  • Relevant certifications such as OSCP, OSWE, or GPEN.

Responsibilities

  • Lead planning and execution of advanced penetration tests across SBA's IT environments.
  • Design red team operations that simulate advanced persistent threats (APTs).
  • Conduct exploitation of vulnerabilities and demonstrate real-world impact.
  • Develop and maintain documented methodologies and rules of engagement for testing.
  • Produce detailed reports and briefings for technical and non-technical stakeholders.
  • Collaborate with security teams to communicate findings and validate remediation efforts.
  • Conduct application and cloud penetration tests, identifying and exploiting vulnerabilities.

Benefits

  • Professional development opportunities and mentorship programs.
  • Collaborative work environment with a focus on innovation.
  • Chance to work on diverse and impactful federal security projects.
Full Job Description
is seeking a Penetration Testers - Senior (Lead) to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.

Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Senior Lead Penetration Tester to support the U.S. Small Business Administration (SBA). The ideal candidate is a highly skilled offensive security professional with extensive experience planning, leading, and executing advanced penetration testing and red team operations across complex federal IT environments. This individual will serve as the technical lead for SBA's penetration testing program, providing expert guidance on adversary simulation, vulnerability exploitation, and security control validation to help the agency identify and remediate security weaknesses before they can be exploited by real-world adversaries.

The Senior Lead Penetration Tester will serve as the primary technical lead for all penetration testing and offensive security activities supporting SBA's cybersecurity program, overseeing the full lifecycle of penetration testing engagements, red team operations, and adversary simulation exercises across SBA's enterprise environment. This individual will bring deep technical expertise, strong leadership capabilities, and a comprehensive understanding of adversary TTPs to drive a high-quality, mission-focused penetration testing program that meaningfully strengthens SBA's security posture.

Principal responsibilities will include but are not limited to:
  • Lead the end-to-end planning, scoping, coordination, execution, and reporting of advanced penetration testing engagements across all components of SBA's enterprise IT environment, including network infrastructure, web applications, mobile applications, APIs, cloud environments, and supporting systems and services.
  • Design and execute sophisticated red team operations and adversary simulation exercises that realistically emulate the tactics, techniques, and procedures (TTPs) of advanced persistent threat (APT) actors, nation-state adversaries, and other sophisticated threat actors known to target federal civilian agencies.
  • Conduct advanced exploitation of vulnerabilities identified during penetration testing engagements, including privilege escalation, lateral movement, persistence establishment, credential harvesting, and data exfiltration, to accurately demonstrate the real-world impact and exploitability of identified security weaknesses.
  • Develop and maintain a comprehensive, documented penetration testing methodology, program charter, and rules of engagement (ROE) for SBA's penetration testing program, ensuring alignment with industry best practices and federal security requirements including NIST SP 800-115 and applicable CISA guidance.
  • Produce detailed, high-quality penetration test reports and executive-level briefings documenting engagement scope, methodologies, technical findings, exploitation evidence, risk ratings, attack narratives, and prioritized, actionable remediation recommendations tailored to both technical and non-technical SBA audiences.
  • Collaborate with SBA security leadership, the Cybersecurity Architect, SOC teams, and system owners to communicate penetration testing findings, validate remediation efforts through retesting activities, and provide expert guidance on the prioritization and resolution of identified vulnerabilities and security control gaps.
  • Conduct web application penetration testing in accordance with industry frameworks and standards including the OWASP Testing Guide and OWASP API Security Top 10, identifying and exploiting vulnerabilities including injection flaws, broken authentication, cross-site scripting (XSS), insecure direct object references (IDOR), business logic flaws, and other advanced application security vulnerabilities.
  • Perform cloud penetration testing and security configuration assessments across AWS, Azure, and/or GCP environments, evaluating the security of cloud service configurations, IAM policies, storage services, network controls, serverless functions, and container environments.
  • Develop and utilize custom exploitation tools, offensive scripts, and proof-of-concept (PoC) code to demonstrate the exploitability of identified vulnerabilities and support penetration testing operations in scenarios where commercial tools are insufficient or inappropriate.
  • Lead social engineering assessments, including phishing and spear-phishing campaigns, vishing exercises, and physical penetration testing activities, to evaluate SBA's human and physical security controls and the effectiveness of the agency's security awareness program.
  • Support and validate vulnerability management activities by providing expert-level analysis of vulnerability scan results, assessing real-world exploitability and risk in the context of SBA's environment, and advising on remediation prioritization strategies based on actual exploitation risk.
  • Stay current with the latest offensive security research, vulnerability disclosures, exploit development techniques, and adversary TTPs, continuously applying new knowledge to improve the quality, realism, and effectiveness of SBA's penetration testing program.
  • Mentor and provide senior technical leadership to junior and mid-level penetration testers, fostering professional growth, knowledge transfer, and the continuous development of the offensive security team's technical capabilities.
  • Ensure all penetration testing and offensive security activities are conducted in strict compliance with SBA's approved rules of engagement, applicable federal laws and regulations, and the ethical standards governing offensive security research and testing.
  • Coordinate and lead purple team exercises in collaboration with SBA's blue team, SOC, and incident response teams, designing realistic attack scenarios to validate detection and response capabilities and drive measurable improvements in SBA's defensive posture.

Education and Experience:

Required:
  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field from an accredited college or university.
  • 8+ years of progressive experience in offensive security, with at least 4 years of dedicated experience leading and executing advanced penetration testing and red team operations in a senior or lead capacity.
  • Demonstrated experience conducting advanced penetration testing and red team operations within a federal government or large enterprise IT environment.
  • One or more of the following certifications:
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Experienced Penetration Tester (OSEP)
  • Offensive Security Web Expert (OSWE)
  • GIAC Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • Certified Penetration Testing Engineer (CPTE)
  • Certified Red Team Professional (CRTP)

Desired:
  • Master's degree in Cybersecurity, Computer Science, or a related field.
  • 10+ years of offensive security experience, with a strong background supporting federal government or defense contracting penetration testing and red team programs.

Required Skills and Competencies:
  • Exceptional communication skills in English - both written and oral - with the ability to clearly articulate complex offensive security findings, exploitation narratives, and remediation recommendations to both technical and non-technical audiences, including senior SBA leadership and government contracting officials.
  • Advanced expertise in penetration testing methodologies and industry frameworks, including PTES, OWASP, NIST SP 800-115, and MITRE ATT&CK, with demonstrated ability to apply these frameworks across diverse target environments, assessment types, and engagement scopes.
  • Deep proficiency in network penetration testing, including all phases of the engagement lifecycle: reconnaissance, scanning and enumeration, exploitation, privilege escalation, lateral movement, persistence, and post-exploitation techniques across both Windows and Linux environments.
  • Advanced experience in web application and API penetration testing, including the identification and exploitation of OWASP Top 10 and beyond vulnerabilities in modern web application architectures, RESTful and SOAP APIs, and web services.
  • Strong hands-on experience with industry-standard penetration testing tools and offensive security platforms, including Metasploit Framework, Burp Suite Professional, Cobalt Strike, BloodHound, Mimikatz, Impacket, Nmap, Nessus, Nikto, SQLMap, Responder, and equivalent utilities.
  • Proficiency in scripting and programming languages, including Python, PowerShell, Bash, and/or Ruby, for the development of custom exploitation tools, offensive automation scripts, and proof-of-concept code tailored to specific penetration testing objectives.
  • Experience planning, designing, and executing full-scope red team operations and adversary simulation exercises, including the realistic emulation of APT TTPs using the MITRE ATT&CK framework to comprehensively assess the effectiveness of SBA's defensive controls and detection capabilities.
  • Demonstrated expertise in cloud penetration testing across AWS, Azure, and/or GCP environments, including the assessment of cloud-native services, IAM misconfigurations, storage security, network controls, serverless functions, and container and Kubernetes environments.
  • Experience planning and conducting social engineering assessments, including phishing campaign design and execution, vishing exercises, and physical penetration testing activities, with the ability to document findings and provide actionable awareness and control improvement recommendations.
  • Strong knowledge of Active Directory architecture and common Active Directory attack techniques, including Kerberoasting, AS-REP Roasting, Pass-the-Hash, Pass-the-Ticket, DCSync, Golden Ticket, and Silver Ticket attacks, and the tools and methods used to execute and defend against these techniques.
  • Ability to produce high-quality, comprehensive penetration test reports and executive-level briefings that clearly communicate engagement scope, methodology, technical findings, exploitation evidence, risk ratings, and prioritized remediation recommendations.
  • Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-115, FISMA, and applicable CISA guidance, and their relationship to offensive security and penetration testing activities within a federal civilian agency environment.
  • Ability to obtain and maintain a Public Trust Clearance.

Desired Skills and Competencies:
  • Prior experience supporting SBA or other federal civilian agency penetration testing or red team programs, with demonstrated knowledge of SBA's IT environment, system portfolio, and applicable security requirements.
  • Experience conducting hardware and firmware penetration testing, including the assessment of IoT devices, embedded systems, network appliances, and physical access control systems.
  • Familiarity with mobile application penetration testing for iOS and Android platforms, including the identification and exploitation of mobile-specific vulnerabilities and insecure data storage practices.
  • Experience with advanced exploit development and vulnerability research, including binary exploitation techniques, reverse engineering of compiled code, and the development of custom shellcode or exploits targeting identified vulnerabilities.
  • Knowledge of operational security (OPSEC) principles and their application in red team and adversary simulation operations to realistically emulate threat actor behaviors and evade detection by SOC teams and defensive controls.
  • Offensive Security Exploitation Expert (OSEE) or Offensive Security Defense Analyst (OSDA) certification.
  • Demonstrated experience leading and facilitating purple team exercises, collaborating with blue team analysts and SOC personnel to design realistic attack scenarios, validate detection and response capabilities, and drive measurable improvements in defensive posture.
  • Familiarity with the CDM (Continuous Diagnostics and Mitigation) program tools, their security implications, and their potential relevance as targets or intelligence sources during penetration testing engagements within a federal civilian agency environment.
  • Experience with container security assessments and Kubernetes penetration testing, including the identification and exploitation of misconfigurations, insecure container images, and privilege escalation paths within containerized environments.
  • Knowledge of adversarial machine learning techniques and their potential application in offensive security operations targeting AI/ML-enabled systems and decision-making processes.
  • Experience conducting penetration testing within FedRAMP authorized cloud environments, with familiarity with FedRAMP authorization boundaries, inherited controls, and the security requirements applicable to penetration testing activities within FedRAMP boundaries.
  • Familiarity with bug bounty program management and responsible disclosure practices, and experience contributing to or managing vulnerability disclosure programs within a federal or enterprise environment.

About Koniag Government Services

Koniag Government Services Careers

Join the dynamic team at Koniag Government Services, a leader in providing innovative solutions to government clients. This esteemed company offers a plethora of job opportunities that pave the way for professional growth and career advancement in a diverse and inclusive environment.

Explore Career Opportunities

Koniag Government Services is actively hiring and offers a range of positions that cater to various skills and experiences. Whether you're a seasoned professional or a recent graduate, Koniag Government Services provides a platform to enhance your career through meaningful work in a supportive culture.

Innovation and Leadership

At the forefront of innovation, Koniag Government Services encourages its team to lead with creativity and strategic thinking. The company is committed to leadership development and diversity training, ensuring that all team members have the opportunity to excel and contribute to industry-leading projects.

Professional Growth and Development

Koniag Government Services is dedicated to the professional development of its employees. With comprehensive benefits, competitive employment packages, and opportunities for advancement, the company supports its team in achieving their career goals. Networking within the company and industry is encouraged, fostering a community of learning and mutual growth.

Internship Programs

For those starting their career journey, Koniag Government Services offers internship programs that provide real-world experience and a pathway to full-time employment. Interns gain valuable industry knowledge and develop essential skills under the guidance of experienced mentors.

Commitment to Diversity and Inclusion

Diversity is at the core of Koniag Government Services' values. The company is committed to creating an inclusive environment where diverse voices are heard and valued. Diversity training is integral, equipping the team with the tools to thrive in a multicultural setting.

Applying for a Position

To apply for a position at Koniag Government Services, candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess fit both for the role and the company culture, ensuring alignment with the team’s values and objectives.

Stay Connected with Koniag Government Services Careers

Explore the various job opportunities and embark on a path of professional growth and innovation. Koniag Government Services is not just a workplace but a community where careers flourish in an environment of respect, integrity, and continuous learning.

Search Koniag Government Services Jobs

Discover the exciting career opportunities available at Koniag Government Services. Search for open positions that match your skills and interests, and join a team that values curiosity, creativity, and collaboration.

Keep Up to Date

Stay informed with the latest career tips, industry insights, and company updates directly from Koniag Government Services. Engage with content that can transform your professional journey and lead to rewarding opportunities.

Job Alert Emails

Personalize your subscription to receive job alerts and insider tips tailored to your preferences from Koniag Government Services. See what exciting and rewarding opportunities await in the field of government services.
Learn more about Koniag Government Services
Size
501 employees
Industry

Similar Jobs

More Jobs at Koniag Government Services

  • Koniag Government Services
    FESI-SBIR Program Analyst
    $75K — $95K *
    Fort Washington, MD 20744 (Prince Georges County)
    Education, Government & Non-Profit
    In-Person
  • Koniag Government Services
    FESI-SBIR Program Analyst
    $75K — $95K *
    Washington, DC 20011 (District Of Columbia County)
    Energy & Utilities
    In-Person
  • Koniag Government Services
    Technical Writer
    $70K — $95K *
    Washington, DC 20011 (District Of Columbia County)
    Education, Government & Non-Profit
    In-Person
  • Koniag Government Services
    Program Manager
    $90K — $130K *
    Fort Washington, MD 20744 (Prince Georges County)
    Education, Government & Non-Profit
    In-Person
  • Koniag Government Services
    Technical Writer
    $70K — $95K *
    Fort Washington, MD 20744 (Prince Georges County)
    Education, Government & Non-Profit
    In-Person

More Information Technology Jobs

Find similar Penetration Testers - Senior (Lead) jobs: