7110 - Senior Security Testing Consultant (Cloud and Application Security) Local to Sacramento, CA

  • Sacramento, CA
  • Posted 20 days ago | Updated 8 days ago

Overview

On Site
$50+
Contract - W2
Contract - Independent
Contract - 6 Month(s)
No Travel Required

Skills

API
Amazon Web Services
Burp Suite
CISSP
Certified Ethical Hacker
Cisco Certifications
Cloud Computing
Cloud Security
CompTIA
Continuous Delivery
Continuous Integration
Cyber Security
Docker
Documentation
FIPS
FISMA
FedRAMP
GitHub
ISACA
IT Security
Jenkins
Knowledge Transfer
Kubernetes
NIST SP 800 Series
Nmap
Penetration Testing
Public Sector
Regulatory Compliance
Reporting
Security Controls
Security QA
Software Asset Management
Software Design
Software Security
Status Reports
Testing
Web Applications

Job Details

Job Title: 7110 - Senior Security Testing Consultant (Cloud and Application Security) Local to Sacramento, CA
Duration: ~6 months (February 2026 July 2026)

Job Description

An experienced Security Testing Consultant is sought to conduct comprehensive penetration testing, vulnerability assessments, and validation of security controls across cloud platforms, applications, and CI/CD systems. The ideal candidate will demonstrate deep expertise in cloud security posture, secure development practices, and regulatory compliance validation.

Key Responsibilities

  • Conduct credentialed and non-credentialed web application and API penetration testing using tools such as Tenable WAS, Burp Suite, Nmap, sqlmap, and others.
  • Perform port and service scans and analyze attack surfaces for systems and applications.
  • Assess and validate implementation of security controls against NIST SP 800-53 Rev 5 and FIPS 140-3.
  • Evaluate secure configurations and posture across multiple platforms including:
    • AWS or similar cloud environments
    • Containers (Docker, Kubernetes)
    • CI/CD tools (GitHub, Jenkins, Code Climate, CloudHub 2)
    • Mulesoft
    • Salesforce (Community and Service Cloud)
    • OKTA or other Identity Access Providers
    • Serverless architectures
  • Perform vulnerability exploitation (minimally pervasive) and validate remediation of critical/high findings.
  • Execute both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
  • Validate data classification efforts, including for moderate and high data sensitivity levels.
  • Evaluate Zero Trust Architecture implementations.
  • Work with designated teams to obtain necessary credentials and access to test environments.
  • Provide written weekly status reports and a final report including findings, remediation strategies, and recommendations.
  • Participate in a close-out briefing and perform knowledge transfer to internal stakeholders, including documentation and virtual sessions.

Minimum Qualifications

  • 2+ years FTE experience in IT security solution design, implementation, or testing in cloud or hybrid environments.
  • 2+ years FTE experience in Red Team penetration testing (commercial or government).
  • 3+ years FTE validating secure configurations/posture for:
    • AWS or similar cloud tech
    • Containers (Docker, Kubernetes)
    • CI/CD tools (GitHub, Jenkins, Code Climate, CloudHub 2)
    • Mulesoft
    • Salesforce (Community and Service Cloud)
    • OKTA or similar IAM solutions
    • Serverless architectures
    • Overall secure cloud environments
  • 3+ years FTE experience:
    • Performing SAST and DAST
    • Validating secure Zero Trust Architecture
    • Validating data classification (moderate/high)
  • 2+ years FTE experience working with public sector agencies to achieve compliance with one or more of the following:
    SAM, CSF, SIMM, NIST, FIPS, FISMA, FedRAMP

Required Certifications (at least one per category below)

  • Penetration Testing Certification (1 required):
    • CEPT, CPT, CEH, or CompTIA PenTest+
  • Security Risk or Cloud Certification (1 required):
    • CRISC, CCSP, or CISSP

Tools and Technologies (Preferred/Used)

  • Tenable WAS
  • Burp Suite
  • Nmap / sqlmap
  • Salesforce
  • Jenkins / GitHub / CI-CD pipelines
  • AWS
  • OKTA
  • Kubernetes / Docker
  • Mulesoft
  • Microsoft 365 for documentation
  • Industry-standard cybersecurity validation frameworks

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.