Senior Penetration Testing, Software Assurance & Vulnerability Assessment Engineer

OneZero Solutions

$120K — $150K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, or related field, or equivalent experience
  • Relevant certifications: CEH, OSCP, GPEN, CISSP, or similar
  • 15+ years total cybersecurity experience, with 5+ years in various penetration testing domains
  • 5+ years in software assurance with experience in secure code review and vulnerability analysis
  • 4+ years in enterprise patch management and remediation frameworks
  • 4+ years architecting and securing cloud environments and Cross Domain Solutions
  • Experience supporting DHS or federal programs, knowledgeable in RMF and NIST compliance

Responsibilities

  • Conduct advanced penetration testing and vulnerability assessments on multiple systems
  • Utilize both automated tools and manual techniques for security weakness identification
  • Perform red team operations simulating real-world threats against classified and unclassified systems
  • Conduct secure code reviews and application security testing across various platforms
  • Assess cloud-native architectures and Cross Domain Solutions for security issues
  • Analyze findings to identify systemic vulnerabilities within organizations
  • Develop and enhance penetration testing methodologies and SOPs

Benefits

  • On-site work in a secure facility
  • Opportunities for continued professional development and training
  • Collaboration with federal agencies and subject matter experts
  • Engagement in cutting-edge cybersecurity initiatives

Full Job Description

Position Title: Senior Penetration Testing, Software Assurance & Vulnerability Assessment Engineer

Location: On-site in a SCIF in the National Capital Region (NCR) - Nebraska Avenue Complex, Washington, DC (work locations transitioning to ICCB Bethesda / St. Elizabeths). Telework is not authorized; a designated Key Person must be available on-site during core hours.

Clearance: TS/SCI

Job Summary:

Performs advanced penetration testing, vulnerability assessments, and software assurance activities to identify and mitigate security weaknesses across DHS systems.

Education and Experience:
  • Bachelor's degree in Cybersecurity, Computer Science, or related field or equivalent years of experience.
  • CEH, OSCP, GPEN, CISSP, or equivalent experience
  • 15+ years of total cybersecurity experience, with demonstrated SME-level depth across the following disciplines:
  • 5+ years conducting penetration testing across multiple domains (network, application, red team, physical, and/or wireless)
  • 5+ years in software assurance, including secure code review, threat modeling, SAST/DAST tooling, and vulnerability analysis across multiple languages and platforms
  • 4+ years in enterprise patch management and vulnerability remediation, including prioritization frameworks (CVSS, EPSS), SLA enforcement, and remediation validation
  • 4+ years architecting, assessing, and securing cloud environments (AWS, Azure, GCP) and/or Cross Domain Solutions (CDS), including cloud-native attack surface analysis
  • Significant experience supporting DHS, Intelligence Community (IC), or other federal agency programs, with deep familiarity with RMF, ICD 503, NIST 800-53/800-115, and related compliance frameworks
  • Experience briefing findings and recommendations to senior leadership, program managers, and authorizing officials

Essential Duties:
  • Conduct advanced penetration testing and vulnerability assessments across networks, applications, AI systems, cloud environments, and DevSecOps pipelines
  • Employ both automated tooling and sophisticated manual techniques to identify, validate, exploit, and analyze security weaknesses across complex, multi-domain environments
  • Perform red team operations and adversary emulation exercises aligned to MITRE ATT&CK TTPs, simulating realistic threat actor behavior against classified and unclassified systems
  • Conduct secure code reviews, static and dynamic application security testing (SAST/DAST), and software assurance activities across multiple languages and platforms
  • Assess Cross Domain Solutions (CDS), cloud-native architectures, and hybrid environments for misconfigurations, privilege escalation paths, and lateral movement opportunities
  • Analyze and correlate findings across assessments to identify systemic vulnerabilities and patterns, not just individual weaknesses
  • Lead and direct penetration test programs across multiple concurrent systems, coordinating scope, scheduling, and resource allocation
  • Develop, maintain, and continuously improve penetration testing methodologies, playbooks, and Standard Operating Procedures (SOPs)
  • Serve as a subject matter expert and technical authority on offensive security techniques, vulnerability research, and exploit development
