Penetration Tester, Mid
Job Description
Praescient Analytics is seeking a Mid level Penetration Tester to support the DoW's War Data Platform in Arlington, Virginia. This onsite role conducts comprehensive penetration testing across applications, networks, and hybrid-cloud systems and requires an active TS/SCI clearance.
Responsibilities
- Comprehensive Security Testing: Execute a range of penetration tests, including network, web application, and social engineering assessments, employing a blend of advanced manual techniques and automated tools to identify and safely exploit vulnerabilities.
- Risk Assessment & Reporting: Assess overall system risk based on testing findings and produce detailed, actionable technical reports that map exploitation paths and potential mission impact.
- Remediation & Collaboration: Partner with network engineering, software development, and AI engineering teams to design, track, and implement robust remediation plans; provide deep technical insights to support incident response when needed.
- Methodology Evolution: Contribute to the ongoing development, refinement, and maintenance of internal penetration testing methodologies, custom testing tools, and baseline vulnerability assessment standards.
- Threat Intelligence Integration: Support the organization’s threat intelligence program by sharing insights, novel attack chains, and defensive gaps discovered during offensive assessments.
- Continuous Research: Stay current with emerging threat actors, zero-day vulnerabilities, and bypass techniques to continuously upgrade testing capabilities.
Requirements
- Active TS/SCI security clearance is required.
- Minimum of 3 years of hands-on experience in offensive security, ethical hacking, vulnerability research, or penetration testing.
- Strong familiarity with web application security frameworks (OWASP Top 10), cloud infrastructure security, network routing/protocols, and common scripting languages (e.g., Python, PowerShell, Bash) for tool customization.
- Must hold at least one of the following certifications: CompTIA Cloud+, GIAC Certified Enterprise Defender (GCED), GIAC Certified Incident Handler (GCIH), GIAC Industrial Cyber Security Professional (GICSP), GIAC Security Essentials (GSEC), CompTIA PenTest+, CompTIA Security+.
Technologies
- OWASP Top 10
- Python
- PowerShell
- Bash
Benefits
- Very competitive salary based on qualifications and experience
- Company-paid healthcare coverage for the employee, including premiums and deductibles
- 401(k) with company match
- Travel and performance incentives
- Three weeks of paid time off plus Federal holidays
- $5,000 annual training allowance
Preferred Certifications
- Certified Computer Examiner (CCE) or CyberSec First Responder (CFR)
- Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)
- Certified Information Systems Security Officer (CISSO)
- Certified Penetration Testing Engineer (CPTE)
- CompTIA CyberSecurity Analyst (CySA+)
- Federal IT Security Professional-Auditor (FITSP-A)
- GIAC Cloud Security Automation (GCSA)
- GIAC Penetration Tester (GPEN)
- GIAC Systems and Network Auditor (GSNA)
What You Can Expect From Us
- A genuine opportunity for career growth in an environment that recognizes achievements
- Ongoing collaboration with multiple teams to ensure client success
- A culture that respects and values your ideas and expertise
- Colleagues motivated by pursuing excellence rather than personal gain
- A workplace dedicated to supporting and improving public safety and government agency outcomes