Connsci is hiring: Penetration Tester in Gaithersburg
Connsci, Gaithersburg, MD, United States, 20883
We are seeking a Penetration Tester for one of our government programs. This individual will be responsible for penetration testing, vulnerability and compliance testing, web application testing, API testing, and supporting various audit and reporting functions.
Responsibilities
- Vulnerability & Compliance Testing:
  - Conduct authenticated vulnerability scans and compliance evaluations across networks, systems, endpoints, and cloud platforms.
- Web Application Testing:
  - Conduct security assessments of agency web applications using OWASP Top 10 and industry best practices.
  - Perform authenticated/unauthenticated scans using tools like Burp Suite and OWASP ZAP.
  - Identify vulnerabilities such as injection flaws, authentication weaknesses, session mismanagement, and sensitive data exposure.
  - Validate application security controls against NIST CSF subcategories.
- API Testing:
  - Evaluate REST/GraphQL APIs for authentication, authorization, and input validation weaknesses.
  - Conduct fuzzing and misuse testing to identify broken object-level authorization (BOLA) and mass assignment vulnerabilities.
  - Assess security of API tokens, keys, and session management practices.
  - Review error handling, data leakage, and logging practices for compliance.
- Penetration Testing & Exploitation Validation:
  - Perform controlled penetration testing (internal and external) to simulate adversary behaviors and evaluate defensive effectiveness.
- Audit Support & Reporting:
  - Document findings, prepare audit evidence, and provide recommendations for improving governance, risk, and compliance posture.
- Collaboration:
  - Provide technical assistance to Agency OIGs and coordinate with operational IT and security teams to ensure findings are actionable and evidence based.
Location/Travel
This role is primarily remote but requires travel to company and government client sites across Florida and the Washington DC metro region on an as-needed basis. Preference will be given to candidates who are local to the DC Metro Region or who reside in Florida.
Basic Qualifications
- Bachelor's degree in Cybersecurity, Information Systems, or related field; or equivalent experience.
- At least 5 years of experience in penetration testing to include web application testing and API testing.
- At least 2 years of experience supporting audit, compliance, or oversight functions including preparing audit-ready documentation, evidence, and reports for executive leadership.
- At least 2 years of experience with NIST Cybersecurity Framework to include NIST 800-53.
- At least one cybersecurity certification such as: CISSP, CISA, CISM, CCE, CFCE, GCFE, or CEH.
Preferred Qualifications
- Master's degree in Cybersecurity, Information Technology, or Computer Science.
- 7+ years of experience in penetration testing.
- 3+ years of experience with cloud technologies and Cloud Security Posture Management.
About Connsci
At Connsci, our mission is to be a trusted strategic partner for our clients, helping them achieve impactful results by addressing mission-critical issues that affect their bottom line. We recognize the importance of customizing our services to best fit our clients' needs and understanding what it takes to propel their organizations forward. By implementing industry-leading best practices and leveraging our multifaceted experience and expertise, we deliver services that are essential for any organization aiming to reach its goals.
What You Can Expect
- Collaboration and Innovation: Work in an environment where collaboration and innovation are key. You'll have the opportunity to contribute to projects that make a real difference for our clients.
- Professional Growth: Be part of a team that values professional development. We offer opportunities for growth and advancement, allowing you to enhance your skills and career.
- Impactful Work: Engage in meaningful work that addresses mission-critical issues and supports organizations in achieving their goals.
By joining Connsci, you'll become part of a dedicated team that is committed to delivering strategic, impactful solutions tailored to our clients' unique needs, enabling them to achieve their goals with confidence and efficiency. If you're passionate about cybersecurity and IT services, and eager to contribute to a dynamic team, we encourage you to explore opportunities with us.
At this time, Connsci will not sponsor a new applicant for employment authorization for this position.
Connsci is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. Connsci makes hiring decisions based solely on qualifications, merit, and business needs at the time.