BMA · 2 hours ago
Senior Penetration Tester
BMA is an employee-owned small business headquartered in Huntsville, AL that provides superior customer service by empowering all levels of our staff to make timely decisions to produce high-quality results. They are seeking a Senior Penetration Tester to support their Cybersecurity Assessment Program, responsible for performing penetration testing, identifying security flaws, and improving the overall cybersecurity posture of the enterprise.
Tags: Cloud Computing, Cyber Security, Education, Information Technology, Training
Responsibilities
Independently performs penetration testing of applications, systems, and enclaves; identifies security flaws in computing platforms and applications and devises strategies and techniques to mitigate identified cybersecurity risks
Performs application, network, and wireless penetration testing and security assessments
Applies offensive cybersecurity testing techniques and coordinates testing projects with internal and external system owners
Reports on identified cybersecurity risks and recommends mitigation measures to improve the overall cybersecurity posture of the enterprise
Applies in-depth knowledge of network protocols, operating systems, web application security, reverse engineering, and scripting languages to identify and mitigate vulnerabilities before they can be exploited by threat actors
Continuously refines and improves cybersecurity defenses and incident response plans
Supports the development of Assessment Final Reports, Mitigation Effectiveness Reports, and Rules of Engagement
Supports daily hotwash events, briefings and presentations, and scoping meetings
Qualifications
Required
An active Secret security clearance is required at the time of proposal submission
6+ years of proven proficiency performing extensive vulnerability assessments and penetration testing
3+ years of experience using testing tools including NESSUS, Metasploit, CANVAS, Nmap, Burp Suite, and Kismet
3+ years of experience performing network vulnerability assessments and applying penetration testing methodologies
3+ years of experience writing penetration testing and assessment reports
2+ years of experience administering, using, and troubleshooting Windows Server and IIS
2+ years of experience administering, using, and troubleshooting a major Linux distribution
2+ years of experience performing PCI DSS testing
Possession of one or more penetration testing certifications such as Licensed Penetration Tester (LPT), Certified Expert Penetration Tester (CEPT), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN)
Knowledge of TCP/IP protocols and networking architectures
Knowledge of open security testing standards and projects, including OWASP
Knowledge of database, application, and web server design and implementation
Experience scripting in Perl, Python, Ruby, Bash, or Java
Experience with wireless LAN security testing
Excellent oral communication, written documentation, and presentation skills
Preferred
Experience supporting DLA contracts
Bachelor's degree in a relevant technical field
Project Management Professional (PMP) certification
Familiarity with enterprise networks and systems, including servers, databases, APIs, and Active Directory
Familiarity with web application concepts such as session management, business logic, and input validation
Familiarity with AI and large language model (LLM) security concerns, including data poisoning and prompt injection exploitation
Familiarity with operational technology (OT) environments, including SCADA system security and PLC security
Familiarity with wireless networks, including Bluetooth security and wireless intrusion detection and prevention systems (WIDS/WIPS)
Familiarity with DevSecOps pipelines, including SAST, DAST, and SCA implementation and automated security testing
Familiarity with hybrid environments, including the interconnectivity and security of on-premises and cloud-based systems
Benefits
Multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option
Medical coverage
Dental
Vision
Accident & illness
Short- and long-term disability
401(k) plan with an industry-leading 6% match
Profit sharing based on company performance
100% Employee Stock Ownership Plan (ESOP)