Core4ce LLC
Penetration Tester - Level III (SD) Washington, DC
Core4ce LLC, Washington, District of Columbia, us, 20022
As a Penetration Tester - Level III, you will serve as a key technical leader on our cybersecurity team, directly contributing to the protection of networks and sensitive data for a diverse range of customers, including both commercial enterprises and government entities. You will lead security engagements, mentor junior staff, and play a central role in developing innovative testing tools and capabilities that enhance our ability to emulate sophisticated adversaries.
This position offers a dynamic, collaborative environment that values innovation, technical excellence, and professional growth. You will work with a forward-leaning team that embraces advanced technologies and constantly seeks ways to improve security outcomes through robust software development and security automation.
Duties and Responsibilities:
Lead Penetration Testing Engagements – Serve as the technical lead during internal and external security assessments, simulating real-world attack techniques to identify vulnerabilities and evaluate defenses. Vulnerability Analysis and Exploitation – Perform in-depth analysis and exploitation of vulnerabilities across applications, operating systems, and networks, including the development of custom exploits. Threat Emulation and Scenario Design – Create and execute complex test scenarios, including red and purple team exercises, tailored to customer environments. Reporting and Executive Briefings – Produce comprehensive technical reports and executive-level presentations that clearly communicate risks, findings, and mitigation strategies. Advanced Analysis – Conduct reverse engineering, static/dynamic malware analysis, and offline code analysis to uncover hidden threats and support incident response efforts. Collaboration – Work closely with IR/SOC teams during investigations and contribute to the development of internal TTPs, policies, and CONOPs. Client Interaction – Interface with clients, present findings, and advise stakeholders on strategic security improvements. Travel – May require occasional travel to client sites. Software Development & Automation – Design, develop, and integrate custom penetration testing scripts, tools, and automation frameworks using languages such as Python, Ruby, and C/C++. Qualifications:
Active Top Secret Clearance Bachelor’s degree in a related field or 7+ years of experience in cybersecurity or information technology. Active DoD 8570 IAT Level II (or higher) certification. At least one of the following certifications in good standing: OSCP, OSCE, OSWA, OSWE, GPEN, GXPN, GWAPT. Demonstrated experience in both authenticated and unauthenticated testing scenarios. Deep knowledge of modern network protocols, operating systems, web applications, cloud environments, and secure configuration practices. Experience identifying and exploiting vulnerabilities across various platforms (e.g., Windows, Linux, macOS, network devices, web APIs). Proficient with open-source and commercial security tools (e.g., Nmap, Kali Linux, Cobalt Strike, Burp Suite). Strong software development skills, particularly in Python, Ruby, and C/C++, with experience creating custom testing tools and automation scripts. Preferred Experience:
7+ years of hands-on experience in penetration testing and vulnerability assessments. 7+ years supporting security operations or threat hunting activities. Experience developing C2 infrastructure, automated tools, and frameworks for testing and exploitation. Familiarity with MITRE ATT&CK, D3FEND, and adversary emulation techniques. Prior experience in red and purple team exercises. Comfort developing Rules of Engagement, TTPs, and operational documentation. Exploit development capability is a plus. Additional Information:
In addition to our core work supporting the DoD, our company also undertakes commercial cybersecurity initiatives. Team members may be engaged in these projects based on their expertise and interests, including advanced research and development related to software development and security testing automation. Why Work for Us?
Core4ce is a team of innovators, self-starters, and critical thinkers—driven by a shared mission to strengthen national security and advance warfighting outcomes. 401(k) with 100% company match on the first 6% deferred, with immediate vesting Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce Unlimited access to training and certifications, with no pre-set cap on professional development Tuition assistance for job-related degrees and courses Paid parental leave, PTO that grows with tenure, and generous holiday schedules Opportunity to propose and develop bold innovations through The Forge program Join us to build a meaningful career—supported by a company that invests in you. All qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, disability, veteran status, age, genetic information, or other protected statuses.
#J-18808-Ljbffr
Lead Penetration Testing Engagements – Serve as the technical lead during internal and external security assessments, simulating real-world attack techniques to identify vulnerabilities and evaluate defenses. Vulnerability Analysis and Exploitation – Perform in-depth analysis and exploitation of vulnerabilities across applications, operating systems, and networks, including the development of custom exploits. Threat Emulation and Scenario Design – Create and execute complex test scenarios, including red and purple team exercises, tailored to customer environments. Reporting and Executive Briefings – Produce comprehensive technical reports and executive-level presentations that clearly communicate risks, findings, and mitigation strategies. Advanced Analysis – Conduct reverse engineering, static/dynamic malware analysis, and offline code analysis to uncover hidden threats and support incident response efforts. Collaboration – Work closely with IR/SOC teams during investigations and contribute to the development of internal TTPs, policies, and CONOPs. Client Interaction – Interface with clients, present findings, and advise stakeholders on strategic security improvements. Travel – May require occasional travel to client sites. Software Development & Automation – Design, develop, and integrate custom penetration testing scripts, tools, and automation frameworks using languages such as Python, Ruby, and C/C++. Qualifications:
Active Top Secret Clearance Bachelor’s degree in a related field or 7+ years of experience in cybersecurity or information technology. Active DoD 8570 IAT Level II (or higher) certification. At least one of the following certifications in good standing: OSCP, OSCE, OSWA, OSWE, GPEN, GXPN, GWAPT. Demonstrated experience in both authenticated and unauthenticated testing scenarios. Deep knowledge of modern network protocols, operating systems, web applications, cloud environments, and secure configuration practices. Experience identifying and exploiting vulnerabilities across various platforms (e.g., Windows, Linux, macOS, network devices, web APIs). Proficient with open-source and commercial security tools (e.g., Nmap, Kali Linux, Cobalt Strike, Burp Suite). Strong software development skills, particularly in Python, Ruby, and C/C++, with experience creating custom testing tools and automation scripts. Preferred Experience:
7+ years of hands-on experience in penetration testing and vulnerability assessments. 7+ years supporting security operations or threat hunting activities. Experience developing C2 infrastructure, automated tools, and frameworks for testing and exploitation. Familiarity with MITRE ATT&CK, D3FEND, and adversary emulation techniques. Prior experience in red and purple team exercises. Comfort developing Rules of Engagement, TTPs, and operational documentation. Exploit development capability is a plus. Additional Information:
In addition to our core work supporting the DoD, our company also undertakes commercial cybersecurity initiatives. Team members may be engaged in these projects based on their expertise and interests, including advanced research and development related to software development and security testing automation. Why Work for Us?
Core4ce is a team of innovators, self-starters, and critical thinkers—driven by a shared mission to strengthen national security and advance warfighting outcomes. 401(k) with 100% company match on the first 6% deferred, with immediate vesting Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce Unlimited access to training and certifications, with no pre-set cap on professional development Tuition assistance for job-related degrees and courses Paid parental leave, PTO that grows with tenure, and generous holiday schedules Opportunity to propose and develop bold innovations through The Forge program Join us to build a meaningful career—supported by a company that invests in you. All qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, disability, veteran status, age, genetic information, or other protected statuses.
#J-18808-Ljbffr