Systems Security Specialist (Senior)
Baltimore, MD - USA
Job Summary
Title: Systems Security Specialist (Senior)
Location: Baltimore, MD (the candidate may be required to work on-site or remotely on specific days as determined by Client)
Long Term
Duties / Responsibilities:
- Conduct internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths.
- Perform red team engagements simulating real-world adversary tactics, techniques, and procedures (TTPs) aligned with MITRE ATT&CK.
- Execute vulnerability assessments and validate remediation efforts through retesting and technical verification.
- Develop comprehensive penetration testing reports, including executive summaries, risk ratings, proof-of-concept evidence, and actionable remediation guidance.
- Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways.
- Conduct secure configuration reviews of operating systems, network infrastructure, cloud platforms, and identity systems.
- Evaluate application security through dynamic and manual testing techniques, including authentication, session management, input validation, and access control testing.
- Review source code for security weaknesses and secure coding gaps, particularly in C/C++, Python, Java, or similar languages.
- Develop and maintain custom scripts or tooling to automate testing activities and enhance offensive security capabilities.
- Support incident response activities by recreating attack chains, validating compromise scenarios, and identifying root causes.
- Assess Zero Trust implementations, micro-segmentation strategies, and identity-based security controls for effectiveness.
- Conduct phishing simulations and social engineering exercises to evaluate user awareness and organizational resilience.
- Provide technical briefings to executive leadership and technical stakeholders regarding risk posture and remediation prioritization.
- Collaborate with engineering, DevOps, and infrastructure teams to remediate identified vulnerabilities and strengthen security architecture.
- Contribute to the development of security policies, testing methodologies, and enterprise security standards.
- Support compliance efforts by mapping testing results to NIST, OWASP, CIS, or other applicable security frameworks.
- Participate in continuous improvement of penetration testing methodologies, tools, and adversary emulation strategies.
- Adhere to all security change control and MHBE Project Management Office (PMO) policies, processes, and methodologies.
Minimum Qualifications:
- A minimum of eight (8) years of progressive experience in cybersecurity.
- A minimum of five (5) years performing penetration testing or red team engagements.
- A minimum of five (5) years conducting network penetration testing, web application and API testing, internal and external vulnerability assessments, and threat modeling and attack path analysis.
- A minimum of five (5) years developing and delivering formal penetration test reports including executive summaries and technical remediation guidance.
- A minimum of five (5) years supporting incident response investigations and validation testing.
- A minimum of five (5) years with common penetration testing tools (e.g. Metasploit, Burp Suite, Nmap, Wireshark, Nessus, etc.).
- Strong knowledge of secure coding practices, application security testing (SAST/DAST concepts), network architecture and segmentation, and identity and access management concepts.
- A minimum of five (5) years of demonstrated scripting or development ability in at least one language (e.g. Python, C/C++, PowerShell, Bash).
- A minimum of five (5) years of working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK, and OWASP Top 10.
- A minimum of five (5) years of experience mapping findings to security control frameworks.
- At least one recognized offensive security certification (e.g. OSCP, GPEN, GXPN, CEH, or major experience can substitute for certification).
- Demonstrated ability to communicate technical findings to executive and non-technical audiences and provide actionable remediation recommendations.
- Demonstrated experience working in government or highly regulated environments.
Preferred Qualifications:
The additional Experience/Knowledge/Skills listed below are preferred by Client:
- A minimum of ten (10) years of progressive experience in cybersecurity.
- A minimum of eight (8) years of experience in Advanced Offensive Security:
  - Experience leading red team engagements.
  - Experience performing adversary emulation exercises.
  - Experience conducting phishing and social engineering simulations.
  - Experience performing purple team exercises.
- A minimum of five (5) years of experience in Zero Trust & Architecture:
  - Experience designing or assessing Zero Trust implementations.
  - Experience evaluating micro-segmentation strategies and identity-centric controls.
- A minimum of five (5) years of experience in Cloud & Modern Infrastructure:
  - Experience performing security assessments in AWS or Azure environments, containerized environments (Docker/Kubernetes), and Infrastructure-as-Code deployments.
  - Experience testing CI/CD pipelines.
- A minimum of ten (10) years of experience in Software Development Depth:
  - Strong low-level development knowledge (kernel, assembly, embedded systems) that supports advanced exploit analysis.
  - Experience reviewing source code in Java or other compiled languages for vulnerabilities.
- A minimum of ten (10) years of experience in Government in the following:
  - Experience supporting federal or state government security programs.
  - Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments.