Systems Security Specialist

NexSolv is seeking a Systems Security Specialist for our direct client State of Maryland. Please review the JD below and share your updated resume if you are a good fit for this position:

·        Conduct internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths.

·        Perform red team engagements simulating real-world adversary tactics, techniques, and procedures (TTPs) aligned with MITRE ATT&CK.

·        Execute vulnerability assessments and validate remediation efforts through retesting and technical verification.

·        Develop comprehensive penetration testing reports, including executive summaries, risk ratings, proof-of-concept evidence, and actionable remediation guidance.

·        Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways.

·        Conduct secure configuration reviews of operating systems, network infrastructure, cloud platforms, and identity systems.

·        Evaluate application security through dynamic and manual testing techniques, including authentication, session management, input validation, and access control testing.

·        Review source code for security weaknesses and secure coding gaps, particularly in C/C++, Python, Java, or similar languages.

·        Develop and maintain custom scripts or tooling to automate testing activities and enhance offensive security capabilities.

·        Support incident response activities by recreating attack chains, validating compromise scenarios, and identifying root causes.

·        Assess Zero Trust implementations, micro-segmentation strategies, and identity-based security controls for effectiveness.

·        Conduct phishing simulations and social engineering exercises to evaluate user awareness and organizational resilience.

·        Provide technical briefings to executive leadership and technical stakeholders regarding risk posture and remediation prioritization.

·        Collaborate with engineering, DevOps, and infrastructure teams to remediate identified vulnerabilities and strengthen security architecture.

·        Contribute to the development of security policies, testing methodologies, and enterprise security standards.

·        Support compliance efforts by mapping testing results to NIST, OWASP, CIS, or other applicable security frameworks.

·        Participate in continuous improvement of penetration testing methodologies, tools, and adversary emulation strategies.

·        Adhere to all security, change control, and MHBE Project Management Office (PMO) policies, processes, and methodologies.

Minimum Qualifications

·        A Minimum eight (8) years of progressive experience in cybersecurity

·        A minimum of five (5) years performing penetration testing or red team engagements.

·        A minimum of five (5) years conducting network penetration testing, web application and API testing, internal and external vulnerability assessments and threat modeling and attack path analysis

·        A minimum of five (5) years developing and delivering formal penetration test reports, including executive summaries and technical remediation guidance.

·        A minimum of five (5) years supporting incident response investigations and validation testing.

·        A minimum of five (5) years with common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Nessus, etc.).

·        Strong knowledge of Secure coding practices, Application security testing (SAST/DAST concepts), Network architecture and segmentation and Identity and access management concepts

·        A minimum of five (5) years of demonstrated scripting or development ability in at least one language (e.g., Python, C/C++, PowerShell, Bash).

·        A minimum of five (5) years of working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK and OWASP Top 10

·        A minimum of five (5) years of experience mapping findings to security control frameworks.

·        At least one recognized offensive security certification (e.g., OSCP, GPEN, GXPN, CEH, or major experience can substitute for certification).

·        Demonstrated ability to communicate technical findings to executive and non-technical audiences, and provide actionable remediation recommendations.

·       Demonstrated experience working in government or highly regulated environments.

Preferred Qualifications

 ·        A Minimum ten (10) years of progressive experience in cybersecurity

·        A minimum of eight (8) years of experience in Advanced Offensive Security:

·        Experience leading red team engagements.

·        Experience performing adversary emulation exercises.

·        Experience conducting phishing and social engineering simulations.

·        Experience performing purple team exercises.

·        A minimum of five (5) years of experience in Zero Trust & Architecture:

·        Experience designing or assessing Zero Trust implementations.

·        Experience evaluating micro-segmentation strategies and identity-centric controls.

·        A minimum of five (5) years of experience in Cloud & Modern Infrastructure:

·        Experience performing security assessments in AWS or Azure environments, Containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments

·        Experience testing CI/CD pipelines.

·        A minimum of ten (10) years of experience in Software Development Depth:

·        Strong low-level development knowledge (kernel, assembly, embedded systems) that supports advanced exploit analysis.

·        Experience reviewing source code in JAVA or other compiled languages for vulnerabilities.

·        A minimum of ten (10) years of experience in Government in the following:

·        Experience supporting federal or state government security programs.

·       Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments.