Penetration Tester

Job not on LinkedIn

🔥 1 hour ago

🇺🇸 United States – Remote

💵 $123.3k - $166.8k / year

⏰ Full Time

🟠 Senior

🔴 Lead

🔧 QA Engineer (Quality Assurance)

🦅 H1B Visa Sponsor

info
Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of General Dynamics Information Technology

General Dynamics Information Technology

10,000+ employees

Founded 1954

🔒 Cybersecurity

🤖 Artificial Intelligence

Defense • Cybersecurity • Artificial Intelligence

General Dynamics Information Technology is a company at the forefront of technological innovation, offering a wide range of services including consulting, digital modernization, and application services. The company is heavily involved in implementing solutions related to artificial intelligence, cloud computing, cybersecurity, high-performance computing, and quantum technologies. GDIT is committed to supporting government and defense sectors, providing mission-critical services such as logistics and supply chain management, intelligence, and homeland security. The company also focuses on diverse and inclusive hiring practices and actively promotes employee well-being. Through its digital accelerator solutions and pioneering use of emerging technologies, GDIT aims to propel agencies' missions forward and address complex technological challenges.

📋 Description

• The Penetration Tester supports the Case Management Modernization (CMM) Program for the Administrative Office of the U.S. Courts (AO) by conducting security, penetration, and vulnerability assessments required prior to Application ATO (Authority to Operate). • This role ensures that CMM applications—built using React, NodeJS, AWS cloud services, and microservices—meet federal security standards and demonstrate resilience against real‑world cyber threats. • Working within Agile DevSecOps teams, the Penetration Tester performs hands‑on exploitation, validates security controls, identifies weaknesses, and collaborates with engineering teams to remediate findings. • Perform application, API, and cloud penetration tests on CMM systems prior to ATO submission. • Conduct web, mobile, API, and microservices security testing using industry‑standard tools and manual exploitation techniques. • Execute AWS cloud penetration testing within approved boundaries (IAM, S3, Lambda, API Gateway, ECS/EKS, networking). • Perform static and dynamic analysis, including code review for security vulnerabilities. • Conduct credentialed and uncredentialed scans, privilege escalation testing, and lateral movement analysis. • Validate implementation of NIST 800‑53 controls, including AC, AU, IA, SC, SI, and CM families. • Support RMF Step 3 (Security Assessment) activities and provide evidence for ATO packages. • Identify vulnerabilities across application layers, cloud infrastructure, and CI/CD pipelines. • Work with developers, cloud engineers, and DevSecOps teams to validate fixes and retest vulnerabilities. • Provide detailed remediation guidance aligned with secure coding and cloud security best practices. • Track findings in Jira or equivalent tools and ensure closure prior to ATO milestones. • Prepare Security Assessment Reports (SAR), penetration test summaries, and risk findings for AO stakeholders. • Document exploitation steps, proof‑of‑concepts, and risk severity aligned with federal scoring methodologies. • Contribute to System Security Plans (SSP), POA&Ms, and ATO evidence packages. • Support pre‑ATO readiness reviews, including control validation and security walkthroughs. • Participate in tabletop exercises, threat modeling sessions, and architecture reviews. • Validate system resilience through stress, failover, and adversarial resilience testing. • Ensure compliance with federal security standards, including NIST, FISMA, and AO-specific guidelines. • Work closely with development teams to integrate security testing into Agile sprints. • Provide security insights during sprint planning, backlog refinement, and release readiness reviews. • Support secure CI/CD pipeline enhancements, including automated security scanning.

🎯 Requirements

• 8+ years of experience in penetration testing, application security, or ethical hacking security roles. • Experience documenting test plans, test procedures, and detailed security findings. • Experience supporting federal security assessments or enterprise-scale security testing. • Hands-on experience performing penetration tests on web applications, APIs, microservices, and cloud environments. • Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto, K6 Security, or custom scripts. • Experience testing applications built with NodeJS, ReactJS, REST APIs, and microservices. • Strong understanding of AWS security, including IAM, VPC, S3, Lambda, API Gateway, ECS/EKS, CloudTrail, and CloudWatch. • Experience with NIST 800‑53, RMF, FedRAMP, or federal ATO processes. • Ability to interpret logs, metrics, and security telemetry to identify attack paths. • Familiarity with SIEM and monitoring tools such as Datadog, ELK, CloudWatch, Grafana. • Experience with container security (Docker, Kubernetes, OpenShift). • Understanding of network security, distributed tracing, and adversarial testing techniques. • Strong analytical, communication, and documentation skills. • 8+ years of general experience in information systems with BS/BA Degree, or 6+ years with MA/MS Degree. • 6+ years experience with in integration, regression, and system testing using automated testing tools in web-based applications. • Experience in writing test cases, test plans, executing test scripts, reporting defects and preparing test results reports. • Experience in the entire QA Life Cycle, to include designing, developing and execution on the entire QA process and documentation of test plans, test cases, test procedures and test scripts. • Experience may be considered in lieu of degree. • Certifications: OSCP, OSWE, GWAPT, GPEN, or similar offensive security certifications. AWS Security Specialty SAFe, DevSecOps, or Agile certifications beneficial.

🏖️ Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. • To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. • GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. • The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. • To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.

Apply Now

Similar Jobs

🔥 1 hour ago

ICF

5001 - 10000

☁️ SaaS

⚡ Energy

Quality Assurance Engineer ensuring quality of a Salesforce-based SaaS solution for ICF while collaborating with federal stakeholders. Develop test plans and validate system functionality for compliance.

🔥 2 hours ago

Orbia

10,000+ employees

🌾 Agriculture

⚡ Energy

Regional Quality Engineer managing quality processes and compliance for Dura-Line’s products. Collaborating with engineering and production teams across the region to implement and sustain quality standards.

🔥 3 hours ago

CarringtonCrisp

1 - 10

📚 Education

Loan Servicing Quality Assurance Analyst assessing documentation and compliance in a remote setting. Handling testing and validation for mortgage servicing at Carrington Mortgage Services.

🔥 19 hours ago

New York Psychotherapy and Counseling Center (NYPCC)

201 - 500

⚕️ Healthcare Insurance

🤝 Non-profit

🧘 Wellness

Quality Assurance Assistant at NYPCC providing administrative support and project management for the QA team. Ensuring organizational tasks and accurate data management in a mental health service setting.

🕒 Yesterday

Sedgwick

10,000+ employees

🏢 Enterprise

📋 Compliance

Quality Assurance Specialist assessing data quality and performance for Sedgwick's investigative services. Collaborating with stakeholders and ensuring compliance with service agreements.