Systems Security Specialist

LingaTech

Job Location:

Baltimore, MD - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

Location: Baltimore MD (local candidates only)
Position Type: Hybrid
Hybrid Schedule: 2 days onsite 3 days remote
Contract Length: 6 months extensions
Note: Mustbe flexibleto work overtime on-site/off-siteas neededincludingweekends holidays and off-hours.

Position Overview:

We are seeking a highly skilled Offensive Security Engineer to support enterprise cybersecurity initiatives through advanced penetration testing red team operations vulnerability assessments and adversary emulation activities. This role is responsible for identifying and validating security risks across networks applications APIs cloud platforms and identity systems while providing actionable remediation guidance to technical and executive stakeholders.

Duties:

Conduct internal and external penetration testing of networks web applications APIs and cloud environments to identify security vulnerabilities and exploit paths.
Perform red team engagements simulating real-world adversary tactics techniques and procedures (TTPs) aligned with MITRE ATT&CK.
Execute vulnerability assessments and validate remediation efforts through retesting and technical verification.
Develop comprehensive penetration testing reports including executive summaries risk ratings proof-of-concept evidence and actionable remediation guidance.
Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways.
Conduct secure configuration reviews of operating systems network infrastructure cloud platforms and identity systems.
Evaluate application security through dynamic and manual testing techniques including authentication session management input validation and access control testing.
Review source code for security weaknesses and secure coding gaps particularly in C/C Python Java or similar languages.
Develop and maintain custom scripts or tooling to automate testing activities and enhance offensive security capabilities.
Support incident response activities by recreating attack chains validating compromise scenarios and identifying root causes.
Assess Zero Trust implementations micro-segmentation strategies and identity-based security controls for effectiveness.
Conduct phishing simulations and social engineering exercises to evaluate user awareness and organizational resilience.
Provide technical briefings to executive leadership and technical stakeholders regarding risk posture and remediation prioritization.
Collaborate with engineering DevOps and infrastructure teams to remediate identified vulnerabilities and strengthen security architecture.
Contribute to the development of security policies testing methodologies and enterprise security standards.
Support compliance efforts by mapping testing results to NIST OWASP CIS or other applicable security frameworks.
Participate in continuous improvement of penetration testing methodologies tools and adversary emulation strategies.
Adhere to all security change control and MHBE Project Management Office (PMO) policies processes and methodologies.

Required Qualifications:

8 years of progressive experience in cybersecurity.
5 years of experience performing penetration testing or red team engagements.
5 years of experience conducting network penetration testing web application and API testing internal and external vulnerability assessments and threat modeling and attack path analysis.
5 years of experience developing and delivering formal penetration test reports including executive summaries and technical remediation guidance.
5 years of experience supporting incident response investigations and validation testing.
5 years of experience using common penetration testing tools such as Metasploit Burp Suite Nmap Wireshark and Nessus.
Strong knowledge of secure coding practices application security testing (SAST/DAST concepts) network architecture and segmentation and identity and access management concepts.
5 years of demonstrated scripting or development experience in at least one language such as Python C/C PowerShell or Bash.
5 years of experience working with the NIST Cybersecurity Framework NIST 800-53 or similar federal control frameworks MITRE ATT&CK and OWASP Top 10.
5 years of experience mapping findings to security control frameworks.
At least one recognized offensive security certification such as OSCP GPEN GXPN or CEH; equivalent hands-on experience may substitute for certification.
Demonstrated ability to communicate technical findings to executive and non-technical audiences and provide actionable remediation recommendations.
Demonstrated experience working in government or highly regulated environments.

Preferred Qualifications:

10 years of progressive experience in cybersecurity.
8 years of experience in advanced offensive security including leading red team engagements performing adversary emulation exercises conducting phishing and social engineering simulations and performing purple team exercises.
5 years of experience in Zero Trust and architecture including designing or assessing Zero Trust implementations and evaluating micro-segmentation strategies and identity-centric controls.
5 years of experience in cloud and modern infrastructure including performing security assessments in AWS or Azure environments containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments.
5 years of experience testing CI/CD pipelines.
10 years of experience in software development including strong low-level development knowledge in kernel assembly and embedded systems to support advanced exploit analysis.
10 years of experience reviewing source code in Java or other compiled languages for vulnerabilities.
10 years of experience supporting federal or state government security programs.
10 years of familiarity with FedRAMP FISMA or IRS Publication 1075 environments.

Required Experience:

Senior IC

Location: Baltimore MD (local candidates only)Position Type: HybridHybrid Schedule: 2 days onsite 3 days remoteContract Length: 6 months extensionsNote: Mustbe flexibleto work overtime on-site/off-siteas neededincludingweekends holidays and off-hours.Position Overview:We are seeking a highly skille...

Conduct internal and external penetration testing of networks web applications APIs and cloud environments to identify security vulnerabilities and exploit paths.
Perform red team engagements simulating real-world adversary tactics techniques and procedures (TTPs) aligned with MITRE ATT&CK.
Execute vulnerability assessments and validate remediation efforts through retesting and technical verification.
Develop comprehensive penetration testing reports including executive summaries risk ratings proof-of-concept evidence and actionable remediation guidance.
Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways.
Conduct secure configuration reviews of operating systems network infrastructure cloud platforms and identity systems.
Evaluate application security through dynamic and manual testing techniques including authentication session management input validation and access control testing.
Review source code for security weaknesses and secure coding gaps particularly in C/C Python Java or similar languages.
Develop and maintain custom scripts or tooling to automate testing activities and enhance offensive security capabilities.
Support incident response activities by recreating attack chains validating compromise scenarios and identifying root causes.
Assess Zero Trust implementations micro-segmentation strategies and identity-based security controls for effectiveness.
Conduct phishing simulations and social engineering exercises to evaluate user awareness and organizational resilience.
Provide technical briefings to executive leadership and technical stakeholders regarding risk posture and remediation prioritization.
Collaborate with engineering DevOps and infrastructure teams to remediate identified vulnerabilities and strengthen security architecture.
Contribute to the development of security policies testing methodologies and enterprise security standards.
Support compliance efforts by mapping testing results to NIST OWASP CIS or other applicable security frameworks.
Participate in continuous improvement of penetration testing methodologies tools and adversary emulation strategies.
Adhere to all security change control and MHBE Project Management Office (PMO) policies processes and methodologies.

Required Qualifications:

8 years of progressive experience in cybersecurity.
5 years of experience performing penetration testing or red team engagements.
5 years of experience conducting network penetration testing web application and API testing internal and external vulnerability assessments and threat modeling and attack path analysis.
5 years of experience developing and delivering formal penetration test reports including executive summaries and technical remediation guidance.
5 years of experience supporting incident response investigations and validation testing.
5 years of experience using common penetration testing tools such as Metasploit Burp Suite Nmap Wireshark and Nessus.
Strong knowledge of secure coding practices application security testing (SAST/DAST concepts) network architecture and segmentation and identity and access management concepts.
5 years of demonstrated scripting or development experience in at least one language such as Python C/C PowerShell or Bash.
5 years of experience working with the NIST Cybersecurity Framework NIST 800-53 or similar federal control frameworks MITRE ATT&CK and OWASP Top 10.
5 years of experience mapping findings to security control frameworks.
At least one recognized offensive security certification such as OSCP GPEN GXPN or CEH; equivalent hands-on experience may substitute for certification.
Demonstrated ability to communicate technical findings to executive and non-technical audiences and provide actionable remediation recommendations.
Demonstrated experience working in government or highly regulated environments.

Preferred Qualifications:

10 years of progressive experience in cybersecurity.
8 years of experience in advanced offensive security including leading red team engagements performing adversary emulation exercises conducting phishing and social engineering simulations and performing purple team exercises.
5 years of experience in Zero Trust and architecture including designing or assessing Zero Trust implementations and evaluating micro-segmentation strategies and identity-centric controls.
5 years of experience in cloud and modern infrastructure including performing security assessments in AWS or Azure environments containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments.
5 years of experience testing CI/CD pipelines.
10 years of experience in software development including strong low-level development knowledge in kernel assembly and embedded systems to support advanced exploit analysis.
10 years of experience reviewing source code in Java or other compiled languages for vulnerabilities.
10 years of experience supporting federal or state government security programs.
10 years of familiarity with FedRAMP FISMA or IRS Publication 1075 environments.

Required Experience:

Senior IC

Apply Now

About Company

LingaTech

Careers at LingaTech: Love Where You Work! Welcome to the vibrant world of LingaTech, where technology meets fun and innovation! Are you ready to join the adventure? As a premier employer of top-notch technology consultants, we're on a mission to assemble the most talented and passion ... View more

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click