Penetration Testing - Mid-Level/Senior

FEDITC LLC

$90K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology or related field (Master's preferred)
  • 4+ years of penetration testing experience (8+ years for Senior level)
  • Experience with network and web application penetration testing
  • Familiarity with vulnerability assessment tools
  • Proficiency in writing technical reports
  • Knowledge of TCP/IP networking and Windows/Linux OS

Responsibilities

  • Conduct external and internal network penetration testing
  • Perform various security assessments, including web, cloud, and mobile applications
  • Analyze and correlate vulnerability scan results
  • Prepare technical documentation and reports
  • Present findings to technical and executive audiences
  • Provide cybersecurity expertise to support audit teams
  • Participate in planning meetings and status briefings

Benefits

  • Remote/hybrid work flexibility
  • Eligibility for HHS Tier 4 High Risk Public Trust
  • Opportunity to mentor junior staff
  • Professional development through engaging with Federal audit activities
  • Collaborative environment within the OIG Cyber Assessment Team

Full Job Description

Location: Remote / Hybrid / Travel as Required (U.S.)

Security Requirement:
Must be eligible to obtain and maintain an HHS Tier 4 High Risk Public Trust.

EnDyna is seeking experienced Penetration Testers to support the Department of Health and Human Services (HHS) Office of Inspector General (OIG) Cyber Assessment Team. The successful candidate will conduct advanced penetration testing, security assessments, vulnerability analysis, exploitation activities, technical reporting, and cybersecurity consulting supporting Federal audit activities.

Candidates will be considered for either Mid-Level or Senior positions based upon education, certifications, and demonstrated experience.

Position Responsibilities

The selected candidate will perform cybersecurity assessments including:

Penetration Testing
  • Perform external network penetration testing
  • Perform internal network penetration testing
  • Perform web application penetration testing
  • Perform cloud security assessments
  • Perform wireless security assessments
  • Perform mobile application testing
  • Perform container security assessments
  • Perform AI system security assessments
  • Conduct phishing and social engineering assessments
  • Perform information gathering and reconnaissance
  • Enumerate hosts, services, operating systems, applications and network devices
  • Identify vulnerabilities and attack paths
  • Exploit vulnerabilities using approved methodologies
  • Perform post-exploitation activities
  • Demonstrate persistence techniques
  • Evaluate data access and exfiltration opportunities
  • Document countermeasures encountered during testing
  • Validate remediation activities


Security Analysis
  • Analyze vulnerability scan results
  • Correlate findings from multiple tools
  • Eliminate false positives
  • Prioritize vulnerabilities based upon risk
  • Map findings to NIST, CVE, OWASP and Federal guidance
  • Develop mitigation recommendations


Documentation & Reporting

Prepare professional technical documentation including:
  • Rules of Engagement review
  • Attack confirmation lists
  • Penetration testing reports
  • Executive summaries
  • Technical findings
  • Risk analyses
  • Recommendations
  • Supporting evidence
  • Screenshots
  • Logs
  • Testing artifacts


Customer Interaction
  • Participate in planning meetings
  • Conduct entrance conferences
  • Present technical findings
  • Participate in status briefings
  • Explain vulnerabilities to both technical and executive audiences
  • Support audit teams throughout engagements


Technical Assistance

Provide cybersecurity expertise supporting OIG auditors by:
  • Performing vulnerability scans
  • Analyzing scan results
  • Advising auditors on security findings
  • Supporting remote assessments
  • Participating in technical discussions


Required Qualifications

Mid-Level
  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology or related field
  • 4+ years of penetration testing experience
  • Experience performing network and web application penetration testing
  • Experience with vulnerability assessment tools
  • Experience writing professional technical reports
  • Knowledge of TCP/IP networking
  • Understanding of Windows and Linux operating systems

Senior Level
  • Bachelor's degree (Master's preferred)
  • 8+ years of penetration testing experience
  • Experience leading penetration testing engagements
  • Advanced exploitation experience
  • Experience with cloud environments
  • Experience mentoring junior testers
  • Experience briefing executive leadership
  • Strong technical writing skills


Desired Technical Skills

Experience with:
  • Burp Suite Pro
  • Nmap
  • Nessus
  • Metasploit
  • Kali Linux
  • Wireshark
  • BloodHound
  • Impacket
  • CrackMapExec
  • PowerShell
  • Python
  • Azure
  • AWS
  • Docker
  • Kubernetes
  • Active Directory
  • Microsoft Entra ID
  • Wireless testing tools


Preferred Certifications

One or more of:
  • OSCP
  • OSCE
  • OSEP
  • GPEN
  • GWAPT
  • GXPN
  • GCIH
  • CISSP
  • Security+
  • PNPT
  • CRTO


Desired Knowledge

Experience with:
  • NIST SP 800-115
  • OWASP Testing Guide
  • MITRE ATT&CK
  • CVSS
  • Federal cybersecurity environments
  • FISMA
  • FedRAMP


Travel

Occasional travel throughout the United States may be required.
