Penetration Tester
Job Description
At cFocus Software Incorporated, this remote role centers on safeguarding NIH programs through rigorous offensive security testing. The position demands a Public Trust clearance and hands-on work across networks, applications, and cloud environments, with Red Team capabilities to simulate real-world adversaries. The successful candidate will bring strong enterprise testing experience and a disciplined approach to identifying and validating security weaknesses.
Summary
Remote support role for NIH initiatives at cFocus Software, requiring Public Trust clearance. The incumbent will conduct enterprise-level penetration testing across networks, web apps, and cloud platforms, and provide Red Team assistance.
Responsibilities
- Perform internal and external network penetration testing.
- Conduct web application penetration testing.
- Execute infrastructure security testing.
- Carry out cloud penetration testing.
- Assess operating system security.
- Test wireless security.
- Evaluate Active Directory security.
- Test application security.
- Simulate real-world cyberattacks using industry-standard offensive security methodologies.
- Conduct controlled exploitation to reveal security weaknesses.
- Validate the effectiveness of security controls.
- Map attack paths and identify privilege escalation opportunities.
- Document technical findings and supporting evidence.
- Prepare comprehensive penetration testing plans.
- Deliver Red Team support.
Requirements
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 5+ years of experience conducting penetration testing or offensive cybersecurity operations
- Experience performing enterprise penetration testing
- Experience with network and application security assessments
- Experience documenting technical security findings
- Ability to obtain and maintain NIH suitability/background investigation
- Active OSCP, OSEP, GPEN, GXPN, CEH, PenTest+, or CISSP
Qualifications
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 5+ years of experience conducting penetration testing or offensive cybersecurity operations
- Experience performing enterprise penetration testing
- Experience with network and application security assessments
- Experience documenting technical security findings
- Ability to obtain and maintain NIH suitability/background investigation
- Active OSCP, OSEP, GPEN, GXPN, CEH, PenTest+, or CISSP
Duties
- Perform internal and external network penetration testing.
- Conduct web application penetration testing.
- Execute infrastructure security testing.
- Perform cloud penetration testing.
- Conduct operating system security assessments.
- Perform wireless security testing.
- Assess Active Directory security.
- Conduct application security testing.
- Simulate real-world cyberattacks using industry-standard offensive security methodologies.
- Perform controlled exploitation activities to identify security weaknesses.
- Validate effectiveness of implemented security controls.
- Identify attack paths and privilege escalation opportunities.
- Document technical findings and supporting evidence.
- Prepare comprehensive penetration testing plans.
- Provide Red Team Support.