Jobs · Information Technology

Penetration Tester

General Dynamics Information Technology · United States · 5 days ago
RemoteRemoteInformation Technology$123k–$167k/yrFull-time

Key Responsibilities

  • Perform application, API, and cloud penetration tests on CMM systems prior to ATO submission.
  • Conduct web, mobile, API, and microservices security testing using industry-standard tools and manual exploitation techniques.
  • Execute AWS cloud penetration testing within approved boundaries (IAM, S3, Lambda, API Gateway, ECS/EKS, networking).
  • Perform static and dynamic analysis, including code review for security vulnerabilities.
  • Conduct credentialed and uncredentialed scans, privilege escalation testing, and lateral movement analysis.
  • Validate implementation of NIST 800-53 controls, including AC, AU, IA, SC, SI, and CM families.
  • Support RMF Step 3 (Security Assessment) activities and provide evidence for ATO packages.
  • Identify vulnerabilities across application layers, cloud infrastructure, and CI/CD pipelines.
  • Work with developers, cloud engineers, and DevSecOps teams to validate fixes and retest vulnerabilities.
  • Provide detailed remediation guidance aligned with secure coding and cloud security best practices.
  • Track findings in Jira or equivalent tools and ensure closure prior to ATO milestones.
  • Prepare Security Assessment Reports (SAR), penetration test summaries, and risk findings for AO stakeholders.
  • Document exploitation steps, proof-of-concepts, and risk severity aligned with federal scoring methodologies.
  • Contribute to System Security Plans (SSP), POA&Ms, and ATO evidence packages.
  • Support pre-ATO readiness reviews, including control validation and security walkthroughs.
  • Participate in tabletop exercises, threat modeling sessions, and architecture reviews.
  • Validate system resilience through stress, failover, and adversarial resilience testing.
  • Ensure compliance with federal security standards, including NIST, FISMA, and AO-specific guidelines.
  • Work closely with development teams to integrate security testing into Agile sprints.
  • Provide security insights during sprint planning, backlog refinement, and release readiness reviews.
  • Support secure CI/CD pipeline enhancements, including automated security scanning.

Job Qualifications

  • 8+ years of experience in penetration testing, application security, or ethical hacking security roles.
  • Experience documenting test plans, test procedures, and detailed security findings.
  • Experience supporting federal security assessments or enterprise-scale security testing.
  • Hands-on experience performing penetration tests on web applications, APIs, microservices, and cloud environments.
  • Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto, K6 Security, or custom scripts.
  • Experience testing applications built with NodeJS, ReactJS, REST APIs, and microservices.
  • Strong understanding of AWS security, including IAM, VPC, S3, Lambda, API Gateway, ECS/EKS, CloudTrail, and CloudWatch.
  • Experience with NIST 800-53, RMF, FedRAMP, or federal ATO processes.
  • Ability to interpret logs, metrics, and security telemetry to identify attack paths.
  • Familiarity with SIEM and monitoring tools such as Datadog, ELK, CloudWatch, Grafana.
  • Experience with container security (Docker, Kubernetes, OpenShift).
  • Understanding of network security, distributed tracing, and adversarial testing techniques.
  • Strong analytical, communication, and documentation skills.

Similar jobs

Penetration Tester

Cymertek CorporationAnnapolis Junction, MD· 12 mo ago
Information Technologyapply on cymertek.catsone.com

Penetration Tester

Cymertek CorporationReston, VA· 12 mo ago
Information Technologyapply on cymertek.catsone.com

Penetration Tester

Cymertek CorporationAurora, Colorado, United States· 12 mo ago
Information Technologyapply on cymertek.catsone.com

Penetration Tester

Cymertek CorporationTysons Corner, VA· 12 mo ago
Information Technologyapply on cymertek.catsone.com

Penetration Tester

Cymertek CorporationChantilly, VA· 12 mo ago
Information Technologyapply on cymertek.catsone.com

Penetration Tester

Cymertek CorporationHonolulu, HI· 12 mo ago
Information Technologyapply on cymertek.catsone.com