Cyber Penetration Tester

Overview

The Squires Group is seeking an experienced Cyber Penetration Tester to support a critical federal program focused on advancing cybersecurity and technology security initiatives. In this role you will support the team by leading penetration tests, identifying vulnerabilities and recommending NIST 800-53-compliant remediations, reporting findings to system owners and engineers, maintaining infrastructure, and developing or modifying tools to automate discovery and exploitation.

Work will be performed ONSITE in Arlington, VA. Per our client contract, candidates must be U.S. Citizens, possessing a Secret clearance with eligibility to obtain a final Top Secret security clearance.

Responsibilities

• Perform and lead penetration testing efforts in support of the Team to evaluate the security posture of client systems.
  
• Identify system vulnerabilities and develop remediation strategies in alignment with NIST 800-53 security control requirements.
  
• Communicate and present security findings to system owners and engineering teams.
  
• Manage and maintain the operational infrastructure of the Team environment.
  
• Create or enhance tools to automate vulnerability discovery and exploitation processes.
  

Qualifications

Required Qualifications:

• Bachelor's degree in a related Cybersecurity or IT field with at least 5 years of relevant experience, or a Master's degree with a minimum of 3 years of relevant experience. In lieu of a degree, 4 additional years of IT security or penetration testing experience may be substituted.
• At least 2 years of hands-on penetration testing experience.
• Hold at least one of the following certifications:
  • CCNA Cyber Ops, CCNA-Security, CEH, CFR, Cloud+, CySA+, GCIA, GCIH, GICSP, SCYBER, Security+ CE, or SSCP.
• Proven experience using Kali Linux in testing environments.
• Practical experience with penetration testing tools such as Nmap, Burp Suite, Metasploit, and similar utilities.
• Demonstrated ability to assess vulnerabilities, conduct root cause analysis, and communicate findings using recognized assessment frameworks such as NIST SP 800-115, PTES, ISSAF, and the OWASP Web Security Testing Guide.
• Capable of leading penetration tests and mentoring both senior and junior penetration testers.
• U.S. citizenship is required.
• Must possess an active Secret security clearance, with the ability to obtain a Top Secret clearance.

Preferred Qualifications:

• Active Top Secret or TS/SCI security clearance.
  
• Possession of one of the following certifications, or another verifiable credential demonstrating IT security proficiency:
  
  • CompTIA CASP+
    
  • ISC2 CISSP, CCSP, or ISSEP
    
• Possession of one of the following certifications, or another verifiable credential reflecting practical penetration testing skills:
  
  • Offensive Security Certified Professional (OSCP)
    
  • Hack The Box Certified Penetration Testing Specialist (CPTS)
    
  • TCM Security Practical Network Penetration Tester (PNPT)
    
  • GIAC GXPN
    
  • Zero Point Security Red Team Ops II
    
• Advanced understanding of the following areas:
  • NIST Risk Management Framework (RMF) and the Assessment & Authorization (A&A) lifecycle
    
  • Core security principles including CIA triad, IAAAA, access control models, and risk management concepts
    
  • Networking fundamentals such as IP routing, TCP/UDP, VPNs, NAT, and firewall configurations
    
  • Common network protocols (SSH, FTP, SMTP, SMB, HTTP, etc.)
    
  • Operating system architecture including process, device, and file system management
    
  • Data security techniques such as encoding, hashing, and encryption
    
  • Scripting and programming in languages like Bash, Python, PowerShell, and JavaScript
    
  • Common application vulnerabilities including outdated software, misconfigured permissions, insufficient input validation, and monitoring deficiencies
    
  • Web application vulnerabilities such as XSS, SQL injection, local file inclusion, insecure file upload, and broken authentication
    
  • Active Directory (AD) enumeration and exploitation techniques including Kerberoasting, AS-REP roasting, privilege abuse, and golden ticket attacks
    
  • Understanding of PKI and secure environments implementing multifactor authentication
    
  • Cloud computing platforms including AWS, Microsoft Azure, and Google Cloud Platform (Google Cloud Platform)
    

Check out our Referral Program!
The Squires Group will pay you for every qualified professional that you refer and we place. If you see a position posted by The Squires Group and know the perfect person for the job, please send us your referral. For more information, go to .

#LI-JT1

#LI-Onsite
#DI