Pentester II

Overview

On Site
USD 125,000.00 - 150,000.00 per year
Full Time

Skills

Science
Artificial Intelligence
Network
White Hat
Security Analysis
Vulnerability Assessment
Network Security
Endpoint Protection
Cloud Security
Nessus
Wireshark
OSCP
GPEN
Network Protocols
Operating Systems
Microsoft Windows
Linux
OS X
Penetration Testing
Presentations
Cyber Security
ISO/IEC 27001:2005
Web Application Security
Authorization
Automated Testing
Burp Suite
OWASP
Nmap
Metasploit
POSTMAN
Testing
RESTful
SOAP
Authentication
OAuth
HTTP
Management
Web Applications
Django
Flask
ASP.NET
Spring Framework
Concept Development
Python
Bash
JavaScript
Scripting
Reporting
Web Services
Cloud Computing
Amazon Web Services
Microsoft Azure
Google Cloud
Google Cloud Platform
Code Review
API
Report Writing
Communication
SAP BASIS
Law
FOCUS

Job Details

Job Description

ECS is seeking a Pentester II to work remotely.

Are you passionate about the ever-evolving field of cybersecurity and ready to launch a career with a positive and lasting impact? Join our dynamic team at ECS, a leading provider of solutions in science, engineering, and advanced technologies, including cloud, cybersecurity, artificial intelligence (AI), data, and enterprise transformation solutions. We're searching for a Mid-Level Network/WebApp Pentester to join our dedicated cybersecurity.

As a penetration tester at ECS, you will play a vital role in protecting our customers' digital assets by identifying potential security threats. The ideal candidate will have a strong background in ethical hacking, security assessment, and vulnerability analysis. They will be adept at identifying and exploiting vulnerabilities in various systems, applications, and networks to enhance the security posture of our customers' organizations. This role requires a proactive individual who is passionate about cybersecurity and has a keen eye for detail.

Salary Range: $125,000 - $150,000

General Description of Benefits

Required Skills

  • Deep understanding of network security, endpoint security, and cloud security principles.
  • 5+ years of hands-on experience in penetration testing.
  • Proficiency in using a variety of penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, Wireshark, and others.
  • Relevant certifications such as Offensive Security Certified Professional (OSCP) or GIAC Penetration Tester (GPEN).
  • Strong understanding of network protocols, operating systems (Windows, Linux, macOS), and web application security principles.
  • Familiarity with scripting languages such as Python, JavaScript, and Bash for developing custom exploits and automation scripts.
  • Must possess exceptional verbal and written communication skills.
  • Proficiency in producing clear, detailed pentest reports for technical and non-technical audiences.
  • Ability to deliver compelling presentations and briefings to stakeholders, including non-technical audiences.
  • Knowledge of common security frameworks and standards such as OWASP Top Ten, NIST Cybersecurity Framework, ISO 27001, PTES, and PTF.


Desired Skills

  • Deep understanding of web application security principles and the OWASP Top 10, including injection flaws, authentication/authorization issues, cross-site scripting (XSS), insecure deserialization, and business logic vulnerabilities.
  • Proficiency in using manual and automated testing tools, such as Burp Suite Pro, OWASP ZAP, SQLMap, Nmap, Metasploit, and Postman, to identify and exploit web and API vulnerabilities.
  • Experience testing RESTful and SOAP APIs, including authentication methods (JWT, OAuth2, API keys) and parameter manipulation.
  • Strong foundation in HTTP/S protocols, headers, cookies, session management, and web application frameworks (e.g., Django, Flask, Express, ASP.NET, or Spring).
  • Ability to perform manual validation and proof-of-concept development beyond scanner results to verify impact and risk.
  • Working knowledge of secure coding practices and the ability to provide remediation guidance to developers.
  • Proficiency in scripting and automation (Python, Bash, JavaScript, or Go) for custom exploit scripts, tool integrations, and reporting automation.
  • Familiarity with web service enumeration and content discovery using tools such as DirBuster, FFUF, or Gobuster.
  • Understanding of cloud-hosted web environments (AWS, Azure, Google Cloud Platform) and common misconfigurations affecting web assets.
  • Experience with source code review for web and API vulnerabilities.
  • Strong report writing and communication skills - able to clearly document findings, risk ratings, and remediation steps for both technical and non-technical audiences.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.