Penetration Tester Lead Job Description

Position Summary

Essential Duties and Responsibilities

• Lead enterprise penetration testing and vulnerability assessment activities supporting SBA ECS cybersecurity initiatives.
• Support Task Areas 3.5.4 and 3.5.4.7 by conducting advanced offensive security testing against enterprise systems applications cloud environments networks and security architectures.
• Plan coordinate and execute internal and external penetration testing engagements in accordance with federal cybersecurity standards and approved Rules of Engagement (ROE).
• Conduct application security testing against web applications APIs mobile applications and cloud-hosted systems.
• Perform network penetration testing exploitation lateral movement analysis privilege escalation testing and post-exploitation activities.
• Execute adversarial emulation and red team exercises to evaluate security controls monitoring capabilities and incident response effectiveness.
• Conduct vulnerability validation exploit research attack-path analysis and risk prioritization activities.
• Assess cloud security controls and configurations across Microsoft Azure AWS Microsoft 365 SaaS and hybrid cloud environments.
• Perform wireless security testing password auditing authentication testing and identity management assessments.
• Support phishing assessments social engineering testing and security awareness validation activities where authorized.
• Develop detailed technical penetration testing reports executive summaries remediation guidance and risk assessment documentation.
• Provide technical recommendations for remediation of identified vulnerabilities misconfigurations and security gaps.
• Validate remediation efforts and conduct follow-up testing to confirm resolution of identified findings.
• Support development and refinement of penetration testing methodologies procedures testing standards and operational playbooks.
• Coordinate with security engineers SOC analysts ISSOs system administrators cloud engineers and program managers during testing activities.
• Assist with security architecture reviews threat modeling and attack surface analysis activities.
• Use automated and manual testing techniques to identify vulnerabilities and validate exploitability.
• Operate and maintain penetration testing toolsets attack frameworks vulnerability scanners and security testing platforms.
• Support compliance and assessment activities aligned with NIST RMF NIST SP 800-53 FISMA FedRAMP and Zero Trust Architecture requirements.
• Provide technical leadership and mentorship to junior penetration testers and cybersecurity analysts.
• Participate in incident response support forensic investigations and threat hunting activities as required.
• Support DevSecOps and secure software development initiatives through application security testing and code review support.
• Ensure all testing activities comply with federal security policies legal requirements approved authorizations and ethical hacking standards.

Minimum Qualifications

• Bachelors degree in Cybersecurity Information Technology Computer Science Engineering Information Systems or related discipline. Relevant experience may substitute for degree requirements.
• Minimum of 10 years of experience supporting penetration testing vulnerability assessments offensive cybersecurity operations red teaming or advanced cybersecurity engineering.
• Extensive experience conducting penetration testing against enterprise networks web applications cloud environments and operating systems.
• Advanced knowledge of offensive security methodologies exploitation frameworks attack techniques and adversarial tactics.
• Experience using penetration testing and security assessment tools such as Metasploit Burp Suite Nessus Nmap Kali Linux Cobalt Strike BloodHound Wireshark and related platforms.
• Strong understanding of network protocols operating systems identity management authentication mechanisms and cloud architectures.
• Experience with scripting or programming languages such as Python PowerShell Bash JavaScript or Go.
• Knowledge of NIST RMF NIST SP 800-53 FISMA FedRAMP MITRE ATT&CK and Zero Trust Architecture concepts.
• Experience leading penetration testing teams coordinating testing engagements and presenting findings to technical and executive stakeholders.
• Strong analytical problem-solving technical writing and communication skills.
• Experience supporting federal agencies or government cybersecurity environments preferred.

Preferred Certifications

• Offensive Security Certified Professional (OSCP)
• Offensive Security Experienced Penetration Tester (OSEP)
• GIAC Penetration Tester (GPEN)
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• Certified Ethical Hacker (CEH)
• Certified Information Systems Security Professional (CISSP)
• CompTIA PenTest
• GIAC Web Application Penetration Tester (GWAPT)
• Certified Red Team Professional (CRTP)
• AWS Certified Security Specialty
• Microsoft Certified: Azure Security Engineer Associate