Penetration Tester
Job Description
Penetration tester role focused on conducting testing and analysis to uncover vulnerabilities, develop exploits, and design attack methodologies.
Responsibilities
- Perform targeted testing and analysis to detect vulnerabilities and potential threat vectors across systems and networks.
- Develop exploits to validate security gaps.
- Engineer attacker-style methodologies to evaluate security controls and resilience.
- Utilize the MITRE ATT&CK framework and common security control implementations to plan and execute threat-based assessments.
- Provide advanced advisory input, apply broad technical expertise, and contribute industry-wide knowledge.
- Develop innovative solutions to complex security challenges.
- Operate with minimal supervision while mentoring or supervising teammates as needed.
Requirements
- Minimum 3 years of experience with MITRE ATT&CK, test planning, and security control assessment.
- Minimum 3 years in cyber penetration testing or creating risk and threat mitigation plans.
- Minimum 3 years of experience operating in Linux, Windows, and virtual platforms.
- Minimum 3 years of experience with computer attack methods and system exploitation techniques.
- Minimum 3 years of experience applying adversarial tactics to hands-on security testing.
- Minimum 3 years of experience performing network security analysis, including software or traffic analysis.
- Secret security clearance.
- High school diploma or GED.
Technologies
- MITRE ATT&CK
- Atomic Red Team
- Scythe
- Mandiant ASV
- AttackIQ
- Java
- Ruby
- Python
- JavaScript
- Rust
- C
Benefits
- Health benefits
- Life benefits
- Disability benefits
- Financial benefits
- Retirement benefits
- Paid leave
- Professional development
- Tuition assistance
- Work-life programs
- Dependent care
- Recognition awards program
Location
Fort Meade, MD (onsite)
Identity verification
- The hiring process includes identity verification using advanced biometrics and AI to confirm identity and prevent fraud.
- Candidates may be on camera during interviews and assessments.
- Booz Allen reserves the right to capture a photo to verify identity and deter fraud.
Candidate AI usage policy
- AI is integrated into Booz Allen's daily work and is used responsibly and ethically.
- The candidate process is based on your own skills and knowledge to ensure fairness.
- Use of AI or similar tools to assist with interview responses is prohibited unless explicit permission is granted.
Work model
- Remote: May require occasional in-person work at Booz Allen or a customer facility.
- Hybrid: Regular work from a Booz Allen facility is expected, with possible visits to customer facilities.
- Onsite: Primary work conducted at a Booz Allen office or customer facility, collaborating with colleagues and clients.
Clearance
Applicants selected will undergo a security investigation and must meet eligibility requirements for access to classified information; a Secret clearance is required.
Compensation
Salary is determined by location, education, knowledge, skills, competencies, experience, contract affordability, and organizational needs. The projected range is USD 86,900 to USD 198,000 per year. This posting closes within 90 days from the posting date.
Nice if you have
- Experience with breach and attack simulation tools such as Atomic Red Team, Scythe, Mandiant ASV, or AttackIQ
- Experience manually auditing source code (Java, Ruby, Python, JavaScript, Rust, or C) to identify security issues
- Experience with system security engineering and security architecture
- Knowledge of tools, tactics, and techniques targeting AI systems and their ecosystems
- Bachelor's degree in computer science, information systems, engineering, or related field
- Offensive security certifications such as OSCP, CPTS, EJPT, GPEN, or GIAC Cloud Penetration Tester
Commitment to non-discrimination
All qualified applicants will receive consideration for employment without regard to disability, veteran status, or any other status protected by applicable law.
Similar Jobs
J
J