Core4ce
Penetration Tester - Level III (SD)
Core4ce, Washington, District Of Columbia, United States, 20599
Penetration Tester - Level III (SD)
As a Penetration Tester - Level III, you will serve as a key technical leader on our cybersecurity team, directly contributing to the protection of networks and sensitive data for a diverse range of customers, including both commercial enterprises and government entities. You will lead security engagements, mentor junior staff, and play a central role in developing innovative testing tools and capabilities that enhance our ability to emulate sophisticated adversaries. This position offers a dynamic, collaborative environment that values innovation, technical excellence, and professional growth. You will work with a forward-leaning team that embraces advanced technologies and constantly seeks ways to improve security outcomes through robust software development and security automation. Duties and Responsibilities: Operating with minimal supervision in support of the Department of Defense (DoD), your responsibilities include: Lead Penetration Testing Engagements
Serve as the technical lead during internal and external security assessments, simulating real-world attack techniques to identify vulnerabilities and evaluate defenses. Vulnerability Analysis and Exploitation
Perform in-depth analysis and exploitation of vulnerabilities across applications, operating systems, and networks, including the development of custom exploits. Threat Emulation and Scenario Design
Create and execute complex test scenarios, including red and purple team exercises, tailored to customer environments. Reporting and Executive Briefings
Produce comprehensive technical reports and executive-level presentations that clearly communicate risks, findings, and actionable mitigation strategies. Advanced Analysis
Conduct reverse engineering, static/dynamic malware analysis, and offline code analysis to uncover hidden threats and support incident response efforts. Collaboration
Work closely with IR/SO CERT teams as needed during investigations, and contribute to the development of internal TTPs, policies, and CONOPs. Client Interaction
Interface with clients, present findings, and advise stakeholders on strategic and tactical security improvements. Travel
May require occasional travel to client sites. Software Development & Automation
Design, develop, and integrate custom penetration testing scripts, tools, and automation frameworks using programming languages such as Python, Ruby, and C/C++. Collaborate with team members to build effective, reusable testing utilities that replicate advanced adversary tactics and improve testing efficiency. Qualifications: Active Top Secret Clearance Bachelors degree in a related field or 7+ years of experience in cybersecurity or information technology. Active DoD 8570 IAT Level II (or higher) certification. At least one of the following certifications in good standing: OSCP, OSCE, OSWE, GPEN, GXPN, GWAPT. Demonstrated experience in both authenticated and unauthenticated testing scenarios. Deep knowledge of modern network protocols, operating systems, web applications, cloud environments, and security configuration practices. Experience identifying and exploiting vulnerabilities across various platforms (e.g., Windows, Linux, macOS, network devices, web APIs). Proficient with open-source and commercial security tools (e.g., Nmap, Kali Linux, Cobalt Strike, Burp Suite, etc.). Strong software development skills, particularly in Python, Ruby, and C/C++, with experience creating custom testing tools and automation scripts. Preferred Experience: 7+ years of hands-on experience in penetration testing and vulnerability assessments. 7+ years supporting security operations or threat hunting activities. Experience developing C2 infrastructure, automated tools, and frameworks for testing and exploitation. Familiarity with MITRE ATT&CK, D3FEND, and adversary emulation techniques. Prior experience in red and purple team exercises. Comfort developing Rules of Engagement, TTPs, and other operational documentation. Additional Information: In addition to our core work supporting the DoD, our company also undertakes commercial cybersecurity initiatives. Team members may be selectively engaged in these projects based on their expertise and interests, including advanced research and development efforts related to software development and security testing automation. Why Work for Us? Core4ce is a team of innovators, self-starters, and critical thinkersdriven by a shared mission to strengthen national security and advance warfighting outcomes. 401(k) with 100% company match on the first 6% deferred, with immediate vesting Comprehensive medical, dental, and vision coverageemployee portion paid 100% by Core4ce Unlimited access to training and certifications, with no pre-set cap on eligible professional development Tuition assistance for job-related degrees and courses Paid parental leave, PTO that grows with tenure, and generous holiday schedules Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing. Join us to build a career that matterssupported by a company that invests in you. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
As a Penetration Tester - Level III, you will serve as a key technical leader on our cybersecurity team, directly contributing to the protection of networks and sensitive data for a diverse range of customers, including both commercial enterprises and government entities. You will lead security engagements, mentor junior staff, and play a central role in developing innovative testing tools and capabilities that enhance our ability to emulate sophisticated adversaries. This position offers a dynamic, collaborative environment that values innovation, technical excellence, and professional growth. You will work with a forward-leaning team that embraces advanced technologies and constantly seeks ways to improve security outcomes through robust software development and security automation. Duties and Responsibilities: Operating with minimal supervision in support of the Department of Defense (DoD), your responsibilities include: Lead Penetration Testing Engagements
Serve as the technical lead during internal and external security assessments, simulating real-world attack techniques to identify vulnerabilities and evaluate defenses. Vulnerability Analysis and Exploitation
Perform in-depth analysis and exploitation of vulnerabilities across applications, operating systems, and networks, including the development of custom exploits. Threat Emulation and Scenario Design
Create and execute complex test scenarios, including red and purple team exercises, tailored to customer environments. Reporting and Executive Briefings
Produce comprehensive technical reports and executive-level presentations that clearly communicate risks, findings, and actionable mitigation strategies. Advanced Analysis
Conduct reverse engineering, static/dynamic malware analysis, and offline code analysis to uncover hidden threats and support incident response efforts. Collaboration
Work closely with IR/SO CERT teams as needed during investigations, and contribute to the development of internal TTPs, policies, and CONOPs. Client Interaction
Interface with clients, present findings, and advise stakeholders on strategic and tactical security improvements. Travel
May require occasional travel to client sites. Software Development & Automation
Design, develop, and integrate custom penetration testing scripts, tools, and automation frameworks using programming languages such as Python, Ruby, and C/C++. Collaborate with team members to build effective, reusable testing utilities that replicate advanced adversary tactics and improve testing efficiency. Qualifications: Active Top Secret Clearance Bachelors degree in a related field or 7+ years of experience in cybersecurity or information technology. Active DoD 8570 IAT Level II (or higher) certification. At least one of the following certifications in good standing: OSCP, OSCE, OSWE, GPEN, GXPN, GWAPT. Demonstrated experience in both authenticated and unauthenticated testing scenarios. Deep knowledge of modern network protocols, operating systems, web applications, cloud environments, and security configuration practices. Experience identifying and exploiting vulnerabilities across various platforms (e.g., Windows, Linux, macOS, network devices, web APIs). Proficient with open-source and commercial security tools (e.g., Nmap, Kali Linux, Cobalt Strike, Burp Suite, etc.). Strong software development skills, particularly in Python, Ruby, and C/C++, with experience creating custom testing tools and automation scripts. Preferred Experience: 7+ years of hands-on experience in penetration testing and vulnerability assessments. 7+ years supporting security operations or threat hunting activities. Experience developing C2 infrastructure, automated tools, and frameworks for testing and exploitation. Familiarity with MITRE ATT&CK, D3FEND, and adversary emulation techniques. Prior experience in red and purple team exercises. Comfort developing Rules of Engagement, TTPs, and other operational documentation. Additional Information: In addition to our core work supporting the DoD, our company also undertakes commercial cybersecurity initiatives. Team members may be selectively engaged in these projects based on their expertise and interests, including advanced research and development efforts related to software development and security testing automation. Why Work for Us? Core4ce is a team of innovators, self-starters, and critical thinkersdriven by a shared mission to strengthen national security and advance warfighting outcomes. 401(k) with 100% company match on the first 6% deferred, with immediate vesting Comprehensive medical, dental, and vision coverageemployee portion paid 100% by Core4ce Unlimited access to training and certifications, with no pre-set cap on eligible professional development Tuition assistance for job-related degrees and courses Paid parental leave, PTO that grows with tenure, and generous holiday schedules Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing. Join us to build a career that matterssupported by a company that invests in you. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.