Penetration Test Engineer - Senior (R-00004)

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built, a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top tier services to our customers. In 2023, True Zero was recognized as a “Best Places to Work” in two categories ("Prosperous and Thriving" ($5MM – $50MM in gross revenue) and "Mid-Atlantic Region" (DC, DE, MD, NC, VA, WV)) and in 2022, was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.
True Zero Technologies is looking for qualified candidates to fulfill the role of Senior Penetration Test Engineer  Job Description  As a Senior Penetration Testing Engineer, you will possess solid industry experience in the public sector and/or commercial spaces; relevant technical certifications; and, proven experience designing, configuring, and conducting a variety of penetration testing situations and scenarios focused on cybersecurity and technology assets and networks. You will have experience packaging, presenting, remediating, and escalating penetration testing results, plans, and actions to appropriate related teams and stakeholders. This position requires strong technical, communications, and problem-solving skills, and the ability to engage and interact with numerous teams. The ideal candidate will have a passion for cybersecurity, the ability to think outside of the box, and be attentive to detail.  Candidates should possess the following qualifications and be able to demonstrate deep competency in most of the requirements listed below: 

Qualifications / Requirements

• Minimum 5+ years’ experience in a cybersecurity, technology, and/or network penetration testing role, conducting penetration tests or red-team assessments 
• US citizenship required, and candidates must be willing to be submitted for a US Government background investigation 
• Experience using common penetration testing tools such as Metasploit Framework and Burp Suite Pro  
• Experience using and exploiting operating systems including Windows and Linux  
• Experience with advanced exploitation methods or exploitation development  
• Experience conducting cyber operations and exploitation  
• Understanding of common scripting languages  
• Familiarity with Security Content Automation Protocols (SCAP), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), or Common Platform Enumeration (CPE)  
• Understanding of US Government Configuration Baseline (USGCB), Security Technical Implementation Guides (STIGs), NSA Guides, National Checklist Program (NCP) or Common Secure configurations  
• Excellent written and verbal communication skills, demonstrating the ability to effectively convey technical information to both technical and non-technical audiences 
• Experience with a variety of testing use cases including, but not limited to external, internal, social media, cloud providers environments, application toolkits and development, SCADA environments, operational environments, wired and wireless networks, etc. 
• Education: Bachelor’s Degree in Cybersecurity or related field preferred 

Possess three or more of the following: 
• Offensive Security Certified Professional (OSCP) 
• Offensive Security Certified Expert (OSCE)  
• Offensive Security Wireless Professional (OSWP)  
• Offensive Security Web Expert (OSWE)  
• Certified Ethical Hacker (CEH)  
• EC-Council Certified Security Analyst (ECSA)  
• Certified Ethical Hacker (CEH) Practical  
• EC-Council Certified Security Analyst (ECSA) Practical  
• Licensed Penetration Tester (LPT) Master  
• Certified Information Systems Security Professional (CISSP)
• CompTIA PenTest+  
• GIAC Certified Incident Handler (GCIH)  
• GIAC Penetration Tester (GPEN)  
• GIAC Web Application Penetration Tester (GWAPT)  
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)  
• GIAC Assessing and Auditing Wireless Networks (GAWN)

Responsibilities

• Conduct web application, mobile application, phishing, network, wireless, and operational technology penetration tests 
• Conduct security assessments of cloud environments and application source code review 
• Conduct penetration tests in accordance with standard methodologies (i.e. OWASP, NIST, PTES) 
• Use common penetration testing and red-team tools, tactics, techniques, and procedures 
• Utilize custom penetration testing tools, frameworks, and infrastructure 
• Assess risk of discovered vulnerabilities based on likelihood and severity of exploitation 
• Deliver technical reports on detailed findings and vulnerability remediation recommendations 
• Collaborate with clients throughout an assessment on status and vulnerability information 
• Coach and mentor penetration testing team experts 
• Provide professional development and human resources management of the team 
• Participate in business financial management of the penetration team  

We’re actively searching for talented security and technology practitioners who are ready to experience the True Zero difference. As a True Zero team member, you'll enjoy:
- Competitive salary, paid twice per month- Best in class medical coverage- 100% of medical premiums covered by True Zero- Company wide new business incentive programs- Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)- 3 weeks of PTO starting + 11 Paid Holidays Annually- 401k Program with 100% company match on the first 4%- Monthly reimbursement of Cell Phone and Home Internet costs- Paternity/Maternity Leave- Investment in training and certifications to broaden and deepen your technical skills