CybersecurityJobs.io
← Back to all jobs

Job Description

Senior Penetration Tester role at Agile Defense supporting an Agency-level cybersecurity program with enterprise-level penetration testing, including web application and API testing; remote work with onsite in Alexandria, VA when directed; salary USD 115,000 - 150,000 per year.

Responsibilities

  • Perform web application and API (including database interfaces) penetration testing as part of enterprise assessments.
  • Examine workflows, API endpoints, authentication flows, and authorization controls to identify security weaknesses and business logic flaws.
  • Coordinate with system owners, developers, and security personnel to communicate findings and support remediation efforts.
  • Validate vulnerabilities after remediation through follow-up testing.
  • Produce and review penetration testing analysis reports.
  • Stay informed on emerging threats, vulnerabilities, attack techniques, and mitigation strategies relevant to penetration testing.
  • Collaborate with fellow assessment and agency Cybersecurity personnel on enterprise security initiatives and testing operations.
  • Identify weaknesses across company systems.
  • Design tests and scenarios for various penetration testing engagements.
  • Document results and communicate them to engineers and management.
  • Provide recommendations for new technologies and system designs based on test results.
  • Develop automated testing programs where feasible and efficient.

Requirements

  • Minimum 4 years of hands-on experience in assessing APT threats, penetration testing, vulnerability management, attack methodologies, malware analysis, attack surface understanding, cyber threat emulation operations, and research into new APT TTPs.
  • Familiarity with API testing methodologies including REST, SOAP, JSON, XML, and authentication/token workflows.
  • Understanding of OWASP Top 10, API Security Top 10, and common web application attack vectors.
  • Experience writing technical security assessment reports and communicating findings to technical and non-technical stakeholders.
  • Experience with Kali Linux, Metasploit, Burp Suite, and post-exploitation frameworks.
  • Knowledge and experience in Penetration Testing, SOC support, and coordination with security teams to strengthen enterprise security posture.
  • Ability to research and stay up to date with emerging threats and Threat Emulation methodologies.
  • Able to automate tasks and script at a basic level.
  • Familiarity with NIST and FISMA compliance.
  • Working knowledge of enterprise operating systems (Windows, OS X, Linux), conceptual understanding of Windows Active Directory, and familiarity with network protocols and standards (TCP, UDP, ICMP, BGP, MPLS, SMTP, DNS, DHCP, SQL, HTTP, HTTPS).
  • Bachelor's degree required.

Technologies

  • Kali Linux
  • Metasploit
  • Burp Suite
  • REST
  • SOAP
  • JSON
  • XML
  • Windows
  • OS X
  • Linux
  • Windows Active Directory
  • TCP
  • UDP
  • ICMP
  • BGP
  • MPLS
  • SMTP
  • DNS
  • DHCP
  • SQL
  • HTTP
  • HTTPS

Working Conditions

  • Remote position

Our Core Values

  • Happy: foster a positive, contagious vibe that enhances motivation and collaboration.
  • Helpful: provide supportive teamwork that strengthens collective success.
  • Honest: uphold trustworthy and ethical communication across all levels.
  • Humble: stay grounded, respectful, and open to learning from others.
  • Hungry: pursue excellence with a mindset of continuous improvement and innovation.
  • Hustle: demonstrate a proactive work ethic and dedication to advancing the mission.

Similar Jobs