Connsci

Penetration Tester with Security Clearance Job at Connsci in Washington DC

Connsci, Washington DC, Washington DC, US

Penetration Tester

We are seeking a Penetration Tester for one of our government programs. This individual will be responsible for

Responsibilities:

• Vulnerability & Compliance Testing:
  • Conduct authenticated vulnerability scans and compliance evaluations across networks, systems, endpoints, and cloud platforms.
• Web Application Testing:
  • Conduct security assessments of agency web applications using OWASP Top 10 and industry best practices.
  • Perform authenticated/unauthenticated scans using tools like Burp Suite and OWASP ZAP.
  • Identify vulnerabilities such as injection flaws, authentication weaknesses, session mismanagement, and sensitive data exposure.
  • Validate application security controls against NIST CSF subcategories.
• API Testing:
  • Evaluate REST/GraphQL APIs for authentication, authorization, and input validation weaknesses.
  • Conduct fuzzing and misuse testing to identify broken object-level authorization (BOLA) and mass assignment vulnerabilities.
  • Assess security of API tokens, keys, and session management practices.
  • Review error handling, data leakage, and logging practices for compliance.
• Penetration Testing & Exploitation Validation:
  • Perform controlled penetration testing (internal and external) to simulate adversary behaviors and evaluate defensive effectiveness.
• Audit Support & Reporting:
  • Document findings, prepare audit evidence, and provide recommendations for improving governance, risk, and compliance posture.
• Collaboration:
  • Provide technical assistance to Agency OIGs and coordinate with operational IT and security teams to ensure findings are actionable and evidence based.

Location/Travel: This role will be able to work primarily remotely but will require travel to company and government client site locations across Florida and the Washington DC metro region on an as needed basis. Preference will be given to candidates who are local to the DC Metro Region or who reside in Florida.

Basic Qualifications:

• Bachelor’s degree in Cybersecurity, Information Systems, or related field; or equivalent experience.
• At least 5 years of experience in penetration testing to include web application testing and API testing
• At least 2 years of experience supporting audit, compliance, or oversight functions to include preparing audit-ready documentation, evidence, and reports for executive leadership
• At least 2 years of experience with NIST Cybersecurity Framework to include NIST 800-53
• At least one cyber security certification such as: CISSP, CISA, CISM, CCE, CFCE, GCFE, or CEH

Preferred Qualifications:

• Master’s degree in Cybersecurity, Information Technology, Computer Science
• 7+ years of experience in penetration testing
• 3+ years of experience with cloud technologies and Cloud Security Posture Management