Cyber Penetration Tester - SME

Overview

The Squires Group is seeking an experienced Cyber Penetration Tester to support a critical federal program focused on advancing cybersecurity and technology security initiatives. In this role you will support the Federal Agencies Team by leading penetration tests to assess customer system security, identifying vulnerabilities and recommending remediations to meet NIST 800-53 controls, reporting findings to system owners and engineers, maintaining infrastructure, and developing or modifying tools to automate discovery and exploitation.

Work will be performed ONSITE in Arlington, VA. Per our client contract, candidates must be U.S. Citizens, possessing a Secret clearance with eligibility to obtain a final Top Secret security clearance.

Responsibilities

• Conduct and lead penetration testing efforts for the Federal Agency's Team to evaluate the security posture of customer systems.
• Identify system vulnerabilities and create recommended remediation strategies to meet NIST 800-53 security requirements.
• Present and explain assessment findings to system owners and engineering teams.
• Manage and sustain Team's infrastructure to ensure operational readiness.
• Design, develop, or adapt tools to automate the discovery and exploitation of vulnerabilities
  
  

Qualifications

• Bachelor’s degree with 9 years of experience, or a Master’s degree with 7 years of experience; an additional 4 years of experience may substitute for a degree
• At least 5 years of hands-on penetration testing experience.
• Possess at least one of the following certifications:
• CASP CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISSP (or Associate), Cloud , CySA , GCED, GCIA, GCIH, GICSP, SCYBER, VCA DCV, PPDA, Agile IC, or ServiceNow Application Developer.
• Proven experience using Kali Linux in testing environments.
• Demonstrated proficiency with penetration testing tools such as Nmap, Burp Suite, and Metasploit.
• Strong ability to evaluate vulnerabilities, conduct root cause analysis, and document findings in alignment with methodologies like NIST SP 800-115, PTES, ISSAF, and OWASP Web Security Testing Guide.
• Proven leadership skills in managing penetration testing efforts and mentoring Senior and Junior Penetration Testers.
• U.S. citizenship is required.
• Active Secret security clearance, with the ability to obtain a final Top Secret clearance.
  

Preferred Qualifications

• Active Top Secret or TS/SCI security clearance.
• One of the following or an equivalent, verifiable certification demonstrating advanced IT security knowledge:
• CompTIA CASP , ISC2 CISSP, ISC2 CCSP, or ISC2 ISSEP.
• One of the following or an equivalent, verifiable certification showing practical penetration testing skills:
• OSCP, Hack the Box CPTS, TCM Security PNPT, or GIAC GXPN.
• Completion of Zero Point Security Red Team Ops II training
  

Advanced Understanding Of The Following Areas

• NIST Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes.
• Core security principles including confidentiality, integrity, availability (CIA), identity and access management (IAAAA), and risk management.
• Networking fundamentals such as IP routing, TCP/UDP protocols, VPNs, firewalls, and NAT.
• Common network protocols including SSH, FTP, SMTP, SMB, and HTTP.
• Operating system concepts such as process and device management, user administration, and file systems.
• Data handling techniques including encoding, hashing, and encryption.
• Scripting and programming skills in Bash, Python, PowerShell, and JavaScript.
• Identification and exploitation of application vulnerabilities like outdated components, misconfigured permissions, insufficient input validation, and monitoring failures.
• Web application security issues including XSS, SQL injection, local file inclusion (LFI), improper file uploads, and broken authentication.
• Active Directory (AD) enumeration and exploitation techniques such as Kerberoasting, AS-REP roasting, privilege escalation, and golden ticket attacks.
• Public Key Infrastructure (PKI) concepts and the challenges of multi-factor authentication in IT environments.
• Experience with cloud platforms such as AWS, Microsoft Azure, and Google Cloud Platform (GCP).
  
  

Check out our Referral Program!

The Squires Group will pay you for every qualified professional that you refer and we place. If you see a position posted by The Squires Group and know the perfect person for the job, please send us your referral. For more information, go to https://bit.ly/squiresreferral .