Sr. Penetration Tester Job Category: Engineering Time Type: Full time Minimum Clearance Required to Start: TS/SCI with Polygraph Employee Type: Regular Percentage of Travel Required: None Type of Travel: None The Opportunity: CACI is seeking a talented Penetration Tester to join our team in Herndon, VA. If the idea of working with and among a team … well as prepaid courses to nationally recognized certification courses to grow your career. You can learn more about our program by accessing the landing page: VORPAL Jobs Responsibilities: As Penetration Tester, you will be a part of planning and executing penetration tests in a Windows and Kali Linux environment. You will be called upon to solve technical puzzles … every day using your breadth of computer, network, and applications pen-testing experience. You will look for creative ways to break into a range of customer systems and illustrate to stakeholders what could happen if an adversary were to take aim at their network. Qualifications: Required: Must have an active TS/SCI with required Polygraph clearance University Degree
In this role, you will collaborate closely with our cyber threat intelligence, advisory, and response teams to expand our digital risk business. Your responsibility will include representing our global penetration testing team, overseeing the assessment of cybersecurity programs, ensuring alignment with industry standards and regulatory requirements, and guiding clients through complex third-party audits. Key Responsibilities Cybersecurity Program … as NIST, ISO 27001, and other relevant frameworks. Act as a trusted advisor, ensuring client cybersecurity postures are resilient, compliant, and in line with regulatory requirements. Vulnerability Assessment and Penetration Testing Management Represent our vulnerability assessment and penetration testing team Partner with the penetration testing team to incorporate findings into broader cyber assurance reviews. … ensuring regulatory compliance across audit lifecycles. In-depth understanding of regulatory frameworks, with hands-on experience delivering compliance audits for both commercial and government sectors. In-depth understanding of penetration testing and vulnerability assessments and their integration into broader cyber assurance projects. Education & Certifications: Bachelor's or master's degree in information security, Computer Science, Engineering, or a
Colorado Springs, Colorado, United States Hybrid / WFH Options
OSAAVA Services
Description: We are seeking Cybersecurity Software Evaluators to assess and analyze the security of software applications used in high-security government environments. This role involves conducting cyber evaluations, security testing, and risk assessments on software applications to ensure compliance with Department of Defense (DoD) cybersecurity standards. This position is initially for a few months with the potential for long … Test applications for compliance with DoD cybersecurity frameworks, including NIST 800-53, RMF, and STIGs. • Work closely with developers, security engineers, and system administrators to implement security recommendations. • Perform penetration testing and vulnerability assessments on government software systems. • Document findings, create security reports, and provide actionable recommendations for remediation. • Assist with the development of secure coding practices and … with the ability to maintain it in valid status. • Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience). • 5+ years of experience in cybersecurity, penetration testing, or software security evaluation. • Certifications such as CISSP, CEH, OSCP, or GIAC GWEB are highly preferred. • Experience with secure coding practices and software vulnerability assessment tools (e.g.
and cyber security capabilities; manage multiple system security plans for development, test and production systems following the Risk Management Framework (RMF); manage cross domain capabilities; and support Security Verification Testing (SVT) of relevant Type 1 devices. You will provide support for adding new capabilities to a complex system with exacting interface, performance and security requirements. You will become part … and development systems and solving challenging issues on a large, significant program. The position requires a solid understanding of security practices and policies as well as hands-on vulnerability testing experience. You will have numerous responsibilities from day to day drawn from a wide array of activities. The strongest candidates will have experience working in these areas: Validating and … security solutions to ensure they meet customer specified requirements for processing information. Evaluating the impact of new development on the operational security posture of the system. Evaluating, reviewing, and testing critical software. Proposing, assessing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Auditing and assessing system security configuration settings using common methodologies and tools. Managing and
liens associated with A&A activities as documented in the Plan of Actions and Milestones. • Perform hardening of ops systems, COTS and open-source product • Validate best practices in Penetration testing, Configuration analysis, and Security • Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing. Generating/… model and how specific devices and protocols interoperate, including knowledge of protocols, and services for common network traffic DoD/IC system security control requirements XACTA and SNOW Security testing and penetration tools that include Assured Compliance Assessment Solution (ACAS), Wireshark, Retina, Tripwire, etc Hands on experience and proficiency with the full Microsoft Office Suite and tools such
value. Assist in managing security incidents, vulnerabilities, and malfunctions, ensuring efficient resolution. Conduct forensically sound acquisitions of computer systems and media for evidence collection. Provide advice and guidance in penetration testing and improving service offerings. Carry out reviews, internal audits, and spot-checks to ensure effective operation of security measures. Provide expertise in the design and implementation of … science. This will require occasional periods of intense concentration to ensure any evidence collected can be used in a court of law. 16. Provide appropriate advice and guidance in penetration testing and improving the service offering. 17. Carry out reviews, internal audits and spot-checks to ensure the effective operation of (but not limited to): IDS/IPS
expectations. Responsibilities Collaborate with cross-functional teams to integrate robust security measures throughout the software development lifecycle. Design, implement, and manage CI/CD pipelines that include automated security testing, vulnerability scanning, and compliance validation. Develop and maintain infrastructure as code (IaC) configurations to ensure secure, scalable cloud and infrastructure deployments. Conduct comprehensive security assessments, code reviews, and penetration testing to identify and mitigate vulnerabilities. Monitor system and application logs for potential security threats and respond to incidents promptly. Implement and oversee identity and access management (IAM) solutions, maintaining secure authentication and authorization processes. Advise software engineers on secure coding practices and assist in addressing security vulnerabilities. Contribute to incident response activities by investigating and mitigating breaches
Experience with NIST Risk Management Framework or other similar control framework • Knowledge of vulnerability assessment tools including Nessus, Wireshark, Kali Linux, Nmap, Metasploit, and Lin/WinPEAS • Experience with penetration testing, adversarial emulation, or red teaming 2) Cloud Engineer A candidate must meet ALL of the below criteria. The candidate must: • Have one of the following o A
is. SIEM, IDS/IPS, ASM, WAF) to safeguard against security breaches, cyber threats and unauthorized access Report on and assist with all security events and incidents. Oversee Security testing, including penetration testing and vulnerability scanning Ensure product compliance with security standards and regulations Ensure NAVBLUE Security strategy deployment within technical operations Ensure effective synchronization and alignment … Excellent management, analytical and problem-resolution skills Working knowledge of the SDLC and AWS network architecture Knowledge of the SAFe Agile method would be an asset Understanding of security testing in the software pipeline (SAST, DAST, SCA, RASP) Knowledge of STRIDE, DICE and other threat and risk frameworks Knowledge of AWS tools Proven experience managing multiple projects simultaneously Practical
Birmingham, West Midlands, West Midlands (County), United Kingdom Hybrid / WFH Options
ECS Resource Group Ltd
new applications, on-premise and in Azure cloud environments. Monitor and manage vulnerability scanning tools, address findings, and coordinate remediation efforts with infrastructure and development teams. Support the development, testing, and annual validation of disaster recovery and backup plans. Create and maintain up-to-date security documentation. Act swiftly and collaboratively in the event of a cyber incident, ensuring … optimal recovery. Stay current with emerging threats and technological advancements in cybersecurity. Prepare for and manage annual penetration testing in collaboration with external vendors. Adhere to all Health & Safety policies and procedures. Actively participate in the Security Steering Group and other relevant group-level meetings. Maintain and report on security-related items within the risk register. To Be
implementation Information Security Maturity Audits/CMMI Certification or alignment with recognised industry standards Compliance with applicable regulations & legislation Building and implementing governance & risk management processes Design implementation and testing of security tooling BC/DR & Incident response capability building and testing Production of threat intelligence reports and research Supply Chain Risk Management Consultants must possess and be … limited oversight. There is a base requirement to demonstrate understanding of and find ways to integrate activity with BlueVoyant colleagues across the globe, specifically Digital Forensics, Incident Response and Penetration Testing specialists as well as wider BlueVoyant service offerings when appropriate, to produce threat-aware products, services and outputs that are impactful, efficient, cohesive, and are enhanced with
years of experience in Information Assurance, Cybersecurity, or Network Security Engineering. Current Secret or Interim Secret Clearance is required. 2 years of experience in security assessments, risk analysis, and penetration testing methodologies. 2 years of experience managing security documentation, SAAR-N processing, and security audit requirements. Security+ Certification IAT LEVEL II Certification Preferred Qualifications: Security certifications such as
vulnerability remediation, threat analysis, and reporting Conduct Microsoft 365 and Cloud Security assessments to identify gaps and secure client environments Carry out offensive security and web application assessments (including penetration testing support) Collaborate with the CISO and Security Team to support pre-sales activities, assist with client onboarding and deliver professional security consultations Onboard clients into key security
Central London, London, England, United Kingdom Hybrid / WFH Options
hireful
firewalls, intrusion detection/prevention systems and WAFs. Knowledge of security compliance standards relevant to the SaaS industry, such as PCI, GDPR, ISO 27001, SOC2, NIST. Experience of external penetration testing scopes. Experience securing code reviews and security approvals Experience in Cryptography management & enhancements We value teamwork, collaboration & technical excellence – the company are heavily weighted toward technical staff
planning and recommend implementation strategies. You will provide advice and assistance on various security and privacy matters, including policy, trusted product assessment, enterprise security engineering, secure cloud systems management, penetration testing, insider threat analysis, cyber situation awareness, attack detection, secure networking, secure operating systems, secure workstations, secure data management, secure web technology, secure protocols, and authentication. Responsibilities include
with SOC and incident response teams to support real-time cyber defense operations. Identify and analyze malicious activity, trends, and threat actor behavior to inform defensive strategies. Assist in penetration testing and uncovering network vulnerabilities. Recommend and implement best practices for securing information systems and infrastructure. Install and configure cybersecurity software and protective measures including firewalls and encryption.
expert advice and guidance on security best practices for AI development and deployment. Stay up to date on the latest AI security threats and vulnerabilities. Conduct security audits and penetration testing of AI systems. Collaboration: Collaborate with data scientists, AI engineers, and other stakeholders to ensure security is integrated throughout the AI lifecycle. Communicate security risks and recommendations
risks through risk analysis and management frameworks. Security Architecture Design: Creating and maintaining security architecture frameworks and models, such as SABSA, TOGAF, and NIST. Vulnerability Management: Conducting vulnerability assessments, penetration testing, and managing remediation efforts. Cloud Security: Implementing security measures for cloud environments, including AWS, Azure, and Google Cloud Platform. Non-technical requirements: Good presenter who can convey
Security Tooling: Contribute to the creation and maintenance of in-house tools that enhance our security capabilities and automation. Product Security Support: Assist in security assessments, threat modeling, and penetration testing, working closely with the Product Security team. Secure Development Lifecycle: Help implement and improve security gates within the SDLC. Adapt & Collaborate: Be prepared to dive into any
the Certification and Accreditation (C&A) process for all relevant systems Oversee physical security measures, including access control systems, surveillance, and security personnel management Conduct and oversee vulnerability assessments, penetration testing, and security audits for both cyber and physical security Develop and implement security awareness training programs covering both cyber and physical security for all personnel Manage incident
or cloud computing environment security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth) Knowledge of organization's evaluation and validation requirements Knowledge of penetration testing principles, tools, and techniques Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. Knowledge of Risk Management Framework (RMF) requirements Knowledge of system and