CybersecurityJobs.io
← Back to all jobs

Job Description

AnalytGen̄ce, Inc. seeks a Senior Penetration Tester to support a DHS Intelligence and Analysis cybersecurity program in the National Capital Region. This onsite role in Washington, DC centers on advanced penetration testing, software assurance, vulnerability assessment, cyber supply chain risk management, secure cloud and hybrid engineering, and cross-domain security assessment.

Responsibilities

  • Lead and perform penetration tests, vulnerability assessments, software assurance work, and cyber supply chain risk management activities for Federal mission systems.
  • Apply end-to-end security testing using established frameworks such as MITRE ATT&CK, OWASP, NIST SP 800-115, and related Federal or IC assessment practices.
  • Assist with pre-engagement planning, define rules of engagement, gather intelligence, conduct threat modeling, perform vulnerability analysis, exploitation, post-exploitation activities, and reporting.
  • Utilize approved automated and manual testing methods to identify vulnerabilities, validate exploitability, and evaluate potential business and operational impacts.
  • Identify vulnerabilities that automated tools frequently miss through expert-driven manual testing techniques.
  • Evaluate SOC detection and response capabilities through controlled testing activities.
  • Prepare penetration testing reports, vulnerability assessment reports, software assurance recommendations, and corrective action guidance.
  • Support software assurance through vulnerability and compliance testing, source code review, static/dynamic analysis, dependency review, and software supply chain risk identification.
  • Conduct vulnerability assessments and interpret results to propose corrective actions and mitigation strategies.
  • Support secure cloud, hybrid, DevSecOps, application, identity, API, microservices, CI/CD, Zero Trust, and cross-domain assessment activities.
  • Maintain secure testing kits and assessment tooling, including patching, configuration updates, and approved tool management.
  • Update and maintain penetration testing, SCRM, and vulnerability assessment procedures.
  • Support audits, working groups, and stakeholder briefings related to penetration testing, software assurance, vulnerability assessment, and cyber supply chain risk.
  • Identify opportunities to improve testing processes, automate assessment workflows, strengthen reporting, and produce metrics for leadership and technical stakeholders.
  • Translate assessment findings into actionable remediation plans, risk insights, POA&M inputs, dashboards, and decision-ready reporting.

Requirements

  • Active TS/SCI clearance with polygraph.
  • More than ten years of related cybersecurity assessment, penetration testing, software assurance, vulnerability assessment, or cyber supply chain risk experience.
  • At least two years of recent experience in each of the following areas: software assurance, automated-tool assisted penetration testing, vulnerability assessment, security patch management, and secure cloud and hybrid engineering.
  • Experience with Cross Domain Solutions.
  • CEH and CISSP certifications, or comparable demonstrable experience.
  • Experience conducting penetration testing, vulnerability assessments, software assurance, source code review, SCRM, and cyber supply chain management activities.
  • Experience using both automated tools and manual testing processes to identify, validate, and document vulnerabilities.
  • Experience producing technical reports, corrective action recommendations, mitigation strategies, and executive-ready summaries.
  • Strong understanding of vulnerability management, exploitability, secure configuration, remediation validation, and operational risk.
  • Strong written and verbal communication skills.
  • Ability to work onsite at a government-approved location as required.

Technologies

  • MITRE ATT&CK
  • OWASP
  • NIST 800-115
  • Archer
  • eMASS
  • Xacta

Preferred Qualifications

  • Experience in DHS, Intelligence Community, DoD, CISA, classified red team, software assurance, SCRM, CVPA, vulnerability research, or national security cyber assessment roles.
  • Familiarity with MITRE ATT&CK, OWASP, NIST 800-115, IC Raise the Bar, NIST SP 800-161, CNSSI 1253, DHS 4300C, or related Federal/IC cybersecurity frameworks.
  • Proven experience testing cloud, application, identity, API, microservices, CI/CD, DevSecOps, Zero Trust, cross-domain, and hybrid TS/SCI environments.
  • Experience with SBOM analysis, static/dynamic code analysis, dependency review, source code review, exploit validation, secure configuration, and remediation validation.
  • Hands-on work with GRC platforms such as Archer, eMASS, or Xacta, including translating findings into POA&Ms, dashboards, scorecards, and remediation workflows.

Similar Jobs