AttainX, Inc. · 3 months ago
IT Security Specialist - Penetration Tester (Surge Support)
AttainX, Inc. is in search of a highly energetic Penetration Tester to join our team on a cyber security program supporting our US federal government client. In this role, you’ll take a hands-on approach to identify, exploit, and report security weaknesses across diverse environments, contributing to fortifying critical systems and protecting sensitive data from evolving cyber threats.
Cyber Security · Software · Virtual Reality
Responsibilities
Protocol analysis, vulnerability discovery and exploitation, post exploitation impact analysis, and physical security
Highly technical problem-solver who understands software architectures, security, communication protocols, virtualization, and hardware, and works with other engineers to resolve problems in design, development, and operations
Perform manual and automated firmware analysis on target devices
Perform pen tests, fuzzing and custom exploit attacks against client systems
Review deployment architectures, topologies and CONOPS for compliance with regulatory security mandates
Produce security reports suitable for submission to regulatory bodies
Conduct hands-on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments
Conduct scenario-based security testing, or red teaming, to identify gaps in detection and response capabilities of client end systems
Conduct research and testing in support of client requirements
Design, implement, and integrate security solutions
Design, develop, and support the company’s line of technology products
Analyzes information security systems and applications
Recommends and develops security measures to protect information against unauthorized modification or loss
Familiar with a variety of the field’s concepts, practices, and procedures
Relies on experience and judgment to plan and accomplish goals
Performs a variety of complicated tasks
Qualification
Required
A minimum of 5 years of proven penetration testing and ethical hacking experience
Hands-on experience in penetration testing across AWS, Azure, and On-Premise environments
At least 5 years of recent experience (within the last 6 years) in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools (e.g. Burp Suite, Metasploit, Wireshark)
At least 5 years of recent experience (within the last 6 years) with enterprise architecture methodologies, concepts, procedures, principles, and tools
At least 5 years of recent experience (within the last 6 years) in contingency planning and backup and recovery best practices and application of NIST guidance in this area
At least 5 years of recent experience (within the last 6 years) in using technical testing tools (Tenable Security Center, ArcSight, IBM BigFix, etc.)
At least 5 years of recent experience (within the last 6 years) in conducting penetration testing or the ability to bring in a penetration tester when required
At least 5 years of performing assessments of Federal Information Systems using the Risk Management Framework
Possess at least one of the following professional Certifications required by DOC Enterprise Cybersecurity Policy (ECP) Annex C-1: Controls Assessor, Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Incident Handler (GCIH), GIAC Systems and Network Auditor (GSNA), Electronic Commerce Council Certified Ethical Hacker (CEH), ISC2 Certified in Governance, Risk and Compliance (CGRC), Security Certified Network Professional (SCNP), Security Certified Network Architect (SCNA)
Proficiency in verbal and written communications
Proficiency in interview skills
Proficiency in interpersonal skills
Proficiency in handling multiple tasks concurrently
Proficiency in project and time management
Ability to adjust to changing priorities
Ability to work in a cohesive team-oriented environment
Must be a US Citizen able to obtain and maintain a Moderate Public Trust
Preferred
Knowledge of DOC, NOAA, and NWS IT security policies and implementation standards or those of similar sized organizations AND comprehensive understanding of NIST guidance to include NIST Special Publications and Federal Information Processing Standards
Self-starter, highly motivated individual who adapts to a dynamic work environment
Strong attention to detail with an ability to operate effectively across multiple priorities
Benefits
Paid vacation
Medical
Dental
Vision
Matching 401K plan
Tuition/training reimbursement
Long & Short-Term Disability
Company
AttainX, Inc.
AttainX is an SBA certified 8a / EDWOSB / WOSB and CMMI L3, ISO 9001:201, QMS certified company that delivers information technology solutions to Federal and state agencies.
Funding
Current Stage
Growth Stage