Penetration Tester

Job Description

Everforth ECS is seeking a Penetration Tester to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax .

Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Penetration Tester executes structured offensive security assessments across WDP's classified and unclassified environments under senior testing leadership, validating the security posture of mission-critical network infrastructure, web applications, cloud components, and operational data platform services spanning NIPRNet, SIPRNet, and JWICS. This role directly supports WDP's Risk Management Framework compliance obligations, Authorization to Operate activities, and continuous monitoring requirements by delivering technically rigorous, evidence-based findings that enable timely remediation and strengthen the platform's defense-in-depth posture.

Executes offensive security assessments supporting Department of War information systems across unclassified and classified environments under the direction of senior testing leadership.
Conducts network and web application penetration testing activities to identify exploitable vulnerabilities, insecure configurations, and attack paths that bypass automated security controls.
Performs reconnaissance, enumeration, exploitation, and post-exploitation activities using approved tools and techniques while adhering to established rules of engagement and operational safety constraints.
Executes testing against operating systems, databases, web services, APIs, and cloud-hosted components to validate security control effectiveness and defense-in-depth posture.
Documents technical findings including exploitation steps, evidence artifacts, and impact analysis in structured penetration testing reports.
Collaborates with system owners, ISSOs, and cybersecurity engineers to deconflict testing activity and support timely remediation planning.
Assists with red team activities by executing assigned attack scenarios and validating detection and response capabilities.
Supports remediation verification through retesting of previously identified vulnerabilities to confirm corrective action effectiveness.
Maintains detailed testing notes, screenshots, logs, and artifacts supporting Risk Management Framework assessment activities and authorization documentation.
Contributes to continuous improvement of testing methodologies, toolkits, and playbooks while reinforcing program values of professionalism, discipline, accountability, and proactive cyber defense in support of mission assurance.
Performs other duties as assigned.

Required Skills

Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance.
3-10 years of experience in penetration testing, offensive security, vulnerability assessment, or a closely related cybersecurity discipline, with demonstrated hands-on experience conducting structured penetration testing engagements across network, web application, and cloud environments in federal, DoW, or enterprise settings.
IAM Level I certification from an approved credential, including CompTIA Security+ CE, ISC CAP, ISC SSCP, or GIAC GSLC.
Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Desired Skills

Active Top Secret (TS) security clearance.
Offensive security certification such as Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), or an equivalent credential demonstrating hands-on proficiency with structured exploitation techniques, penetration testing methodology, and adversary emulation practices applicable to government or enterprise environments.
Proficiency with industry-standard penetration testing tools such as Metasploit Framework, Burp Suite Pro, Nmap, BloodHound, or equivalent platforms, with demonstrated experience applying these tools within authorized engagement scopes against complex federal or enterprise network and application targets.
Familiarity with the DoW Risk Management Framework (RMF) process, including awareness of how penetration testing findings integrate into Body-of-Evidence packages, Plan of Action and Milestones tracking, and Authority to Operate documentation under NIST 800-53 in support of multi-enclave system authorization activities.
Experience supporting red team or purple team activities, including executing assigned adversary emulation scenarios, validating SOC detection and response capabilities, and contributing to post-engagement lessons learned processes that improve defensive posture and security tooling effectiveness.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven