Penetration Tester

***Only qualified Senior Penetration Tester candidates located near the Raleigh NC area to be considered due to the position requiring an onsite presence***

Required Skills:
• Minimum 7–10 years of hands-on experience in penetration testing or offensive security (7 Years)
• Demonstrated expertise in network and infrastructure security testing (7 Years)
• Strong understanding of TCP/IP DNS DHCP VPN firewalls IDS/IPS o Windows and Linux system internals o Active Directory attack paths and defend (8 Years)
• Advanced proficiency with penetration testing tools such as Nmap Nessus Metasploit Burp Suite o Bloodhound Net Exec Ping Castel Analysis tools (7 Years)
• Experience producing standard penetration testing reports (7 Years)
• Familiarity with security frameworks and standards including NIST SP 800-53 800-115 800-61 MITRE ATT&CK OWASP Testing Guide (7 Years)
• Experience working within regulated or high-security environments (7 Years)
• Strong understanding of legal ethical and compliance requirements for penetration testing (5 Years)

Seeking a Senior Penetration Tester to conduct authorized network & infrastructure penetration testing to identify validate & demonstrate security weaknesses

Job Responsibilities:
• The Senior Penetration Testing Contractor will
• Plan and execute internal and external penetration tests for network and infrastructure environments
• Perform vulnerability identification validation and controlled exploitation
• Assess security posture across
• Network devices (firewalls routers switches)
• On-premises servers and operating systems (Windows Linux Unix)
• Active Directory and identity infrastructure
• Remote access solutions and VPNs
• Cloud environments (where applicable)
• Simulate advanced threat actor techniques including
• Privilege escalation
• Lateral movement
• Credential compromise
• Persistence mechanisms
• Evaluate security configurations and control effectiveness
• Conduct testing in accordance with approved Rules of Engagement
• Prepare and deliver formal penetration testing reports suitable for executive audit and technical audiences
• Support remediation validation and follow-up testing as required