Lead Penetration Tester - Hybrid - Leesburg, VA - Long-Term!

Zachary Piper Solutions is seeking a Secret-cleared Lead Penetration Tester to support a modernization effort standing up SOC environments and requires continuous penetration testing with our government client. This opportunity has plenty of room for growth and the best team to grow with! The Secret-cleared Lead Penetration Tester will work in Leesburg, VA, HYBRID, 3 days a week on-site and 2 days remotely.

Responsibilities of the Lead Penetration Tester include:

• Lead penetration testing projects and offer direct support to SOC operations

• Ensure all employees have been trained on penetration testing tools and know how to analyze the results of penetration testing

• Carry out penetration tests with the system owner's knowledge and written consent, and only after the necessary authority, permissions, testing scope and type, and rules of engagement have been established

• Work with SOC and System Owners to identify strategies for defending against, modifying, or reconfiguring cyber defensive measures to increase attack resistance and resilience

Qualifications of the Lead Penetration Tester include:

• 7+ years of penetration testing experience

• Experience with: Webinspect, BurpSuite Pro, Kali Linux, Nmap, or other pentesting tools

• Bachelor's Degree preferred but not required if 10+ years of penetration experience

• One of the following ACTIVE certifications: CISM, CISSP, GSLC, CEH, LPT, CPT (similar level certifications can be considered)

• Must posses an Active Secret Clearance

Compensation of the Penetration Tester) include:

• Salary range: $130,000-$160,000 depending on experience and education
• Benefits: Medical, Dental, Vision, 401K, PTO, Federal Paid Holidays

Keywords: penetration testing, pen testing, pentest, SOC, devsecops, security, cyber, cybersecurity, engineer, engineering, engineered, develop, developer, developed, development, CISM, CISSP, GSLC, CEH, LPT, CPT, SME, cyber security, infrastructure, code, testing, webapp, web app, web application, NIST, RMF, risk, management, risk management, subject matter expert, cleared, clearance, clearable, us citizen, public trust, contract, contract work, remote, remote work, work from home, wfh, telework, telecommute, network, networking, OSI, TCP/IP, shell, scripting, script, privacy, zero trust, architect, cyber development, cyber engineering, cyber architecture, splunk, linux, design, implement, maintain, secure, system, network, cloud, security engineer, cyber, cybersecurity, computer security, business, information technology, IT, NIST, rmf, risk management, risk management frameworks, assess, mitigate, privacy, cyber threats, threat, threats, vulnerability, vulnerabilities, networking protocols, TCP/IP, SNMP, DNS, DHCP, intrustion detection, palo alto, firewalls, Broadcom, data loss, prevention, data encryption, AWS, cloud, security framework, information security, VPN, DMARC, DKIM, SPF, red team, pen testing, penetration testing, offensive security, defensive security, OS, APP, hardening, scripting, bash, python, powershell, crowdstrike, burpsuite, windows, linux, tenable, nessus, SC, splunk, search, dashboard, SPL, search processing language, data manipulation,design, implement, maintain, secure, system, network, compliant, compliance, risk, cloud, AWS, data storage, transfer, root cause analysis, security documentation, SOPs, authority to operate, ATO, FISMA, Agency Information Security and Privacy, Cloud Guidelines, application security, defensive security, blue team, purple team, Certified Information Security manager, certified information systems security professional, GIAC Security Leadership Certification, GIAC, Comptia, Certified Ethical Hacker, Licensed Penetration Tester, Certified Penetration Tester, app security, application security, OWASP, SAST, DAST, web app

#LI-AA1 #LI-HYBRID