Core4ce
Overview
As a Penetration Tester - Level III, you will serve as a technical leader on our cybersecurity team, directing protection of networks and sensitive data for a diverse set of customers, including commercial enterprises and government entities. You will lead security engagements, mentor junior staff, and play a central role in developing testing tools and capabilities that enhance our ability to emulate sophisticated adversaries. This position offers a dynamic, collaborative environment that values innovation, technical excellence, and professional growth. You will work with a forward-leaning team that embraces advanced technologies and continuously seeks ways to improve security outcomes through robust software development and security automation. Duties and Responsibilities: Lead Penetration Testing Engagements – serve as the technical lead during internal and external security assessments, simulating real-world attack techniques to identify vulnerabilities and evaluate defenses. Vulnerability Analysis and Exploitation – perform in-depth analysis and exploitation of vulnerabilities across applications, operating systems, and networks, including the development of custom exploits. Threat Emulation and Scenario Design – create and execute complex test scenarios, including red and purple team exercises, tailored to customer environments. Reporting and Executive Briefings – produce comprehensive technical reports and executive-level presentations that clearly communicate risks, findings, and actionable mitigation strategies. Advanced Analysis – conduct reverse engineering, static/dynamic malware analysis, and offline code analysis to uncover hidden threats and support incident response efforts. Collaboration – work closely with IR/SOC teams as needed during investigations, and contribute to the development of internal TTPs, policies, and CONOPs. Client Interaction – interface with clients, present findings, and advise stakeholders on strategic security improvements. Travel – may require occasional travel to client sites. Software Development & Automation – design, develop, and integrate custom penetration testing scripts, tools, and automation frameworks using languages such as Python, Ruby, and C/C++. Collaborate with team members to build effective, reusable testing utilities that replicate advanced adversary tactics and improve testing efficiency. Qualifications: Active Top Secret Clearance. Bachelor’s degree in a related field or 7+ years of experience in cybersecurity or information technology. Active DoD 8570 IAT Level II (or higher) certification. At least one of the following certifications in good standing: OSCP, OSCE, OSWA, OSWE, GPEN, GXPN, GWAPT. Demonstrated experience in both authenticated and unauthenticated testing scenarios. Deep knowledge of modern network protocols, operating systems, web applications, cloud environments, and secure configuration practices. Experience identifying and exploiting vulnerabilities across various platforms (Windows, Linux, macOS, network devices, web APIs). Proficient with open-source and commercial security tools (e.g., Nmap, Kali Linux, Cobalt Strike, Burp Suite, etc.). Strong software development skills, particularly in Python, Ruby, and C/C++, with experience creating custom testing tools and automation scripts. Preferred experience: 7+ years of hands-on penetration testing and vulnerability assessments; 7+ years supporting security operations or threat hunting activities; experience developing C2 infrastructure, automated tools, and frameworks for testing/exploitation; familiarity with MITRE ATT&CK, D3FEND, and adversary emulation techniques; prior red/purple team exercises; ability to develop Rules of Engagement, TTPs, and other operational documentation; exploit development capability is a plus. Additional Information: In addition to our DoD-focused work, Core4ce undertakes commercial cybersecurity initiatives. Team members may be selected for these projects based on expertise and interests, including advanced research and development related to software development and security testing automation. Why Work for Us? Core4ce is a team of innovators and critical thinkers dedicated to strengthening national security and advancing warfighting outcomes. We offer: 401(k) with 100% company match on the first 6% deferred, with immediate vesting. Comprehensive medical, dental, and vision coverage — employee portion paid 100% by Core4ce. Unlimited access to training and certifications, with no pre-set cap on eligible professional development. Tuition assistance for job-related degrees and courses. Paid parental leave, PTO that grows with tenure, and generous holiday schedules. Opportunity to propose bold innovations through The Forge, with internal backing for viable ideas. Join us to build a career that matters—supported by a company that invests in you. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
#J-18808-Ljbffr
As a Penetration Tester - Level III, you will serve as a technical leader on our cybersecurity team, directing protection of networks and sensitive data for a diverse set of customers, including commercial enterprises and government entities. You will lead security engagements, mentor junior staff, and play a central role in developing testing tools and capabilities that enhance our ability to emulate sophisticated adversaries. This position offers a dynamic, collaborative environment that values innovation, technical excellence, and professional growth. You will work with a forward-leaning team that embraces advanced technologies and continuously seeks ways to improve security outcomes through robust software development and security automation. Duties and Responsibilities: Lead Penetration Testing Engagements – serve as the technical lead during internal and external security assessments, simulating real-world attack techniques to identify vulnerabilities and evaluate defenses. Vulnerability Analysis and Exploitation – perform in-depth analysis and exploitation of vulnerabilities across applications, operating systems, and networks, including the development of custom exploits. Threat Emulation and Scenario Design – create and execute complex test scenarios, including red and purple team exercises, tailored to customer environments. Reporting and Executive Briefings – produce comprehensive technical reports and executive-level presentations that clearly communicate risks, findings, and actionable mitigation strategies. Advanced Analysis – conduct reverse engineering, static/dynamic malware analysis, and offline code analysis to uncover hidden threats and support incident response efforts. Collaboration – work closely with IR/SOC teams as needed during investigations, and contribute to the development of internal TTPs, policies, and CONOPs. Client Interaction – interface with clients, present findings, and advise stakeholders on strategic security improvements. Travel – may require occasional travel to client sites. Software Development & Automation – design, develop, and integrate custom penetration testing scripts, tools, and automation frameworks using languages such as Python, Ruby, and C/C++. Collaborate with team members to build effective, reusable testing utilities that replicate advanced adversary tactics and improve testing efficiency. Qualifications: Active Top Secret Clearance. Bachelor’s degree in a related field or 7+ years of experience in cybersecurity or information technology. Active DoD 8570 IAT Level II (or higher) certification. At least one of the following certifications in good standing: OSCP, OSCE, OSWA, OSWE, GPEN, GXPN, GWAPT. Demonstrated experience in both authenticated and unauthenticated testing scenarios. Deep knowledge of modern network protocols, operating systems, web applications, cloud environments, and secure configuration practices. Experience identifying and exploiting vulnerabilities across various platforms (Windows, Linux, macOS, network devices, web APIs). Proficient with open-source and commercial security tools (e.g., Nmap, Kali Linux, Cobalt Strike, Burp Suite, etc.). Strong software development skills, particularly in Python, Ruby, and C/C++, with experience creating custom testing tools and automation scripts. Preferred experience: 7+ years of hands-on penetration testing and vulnerability assessments; 7+ years supporting security operations or threat hunting activities; experience developing C2 infrastructure, automated tools, and frameworks for testing/exploitation; familiarity with MITRE ATT&CK, D3FEND, and adversary emulation techniques; prior red/purple team exercises; ability to develop Rules of Engagement, TTPs, and other operational documentation; exploit development capability is a plus. Additional Information: In addition to our DoD-focused work, Core4ce undertakes commercial cybersecurity initiatives. Team members may be selected for these projects based on expertise and interests, including advanced research and development related to software development and security testing automation. Why Work for Us? Core4ce is a team of innovators and critical thinkers dedicated to strengthening national security and advancing warfighting outcomes. We offer: 401(k) with 100% company match on the first 6% deferred, with immediate vesting. Comprehensive medical, dental, and vision coverage — employee portion paid 100% by Core4ce. Unlimited access to training and certifications, with no pre-set cap on eligible professional development. Tuition assistance for job-related degrees and courses. Paid parental leave, PTO that grows with tenure, and generous holiday schedules. Opportunity to propose bold innovations through The Forge, with internal backing for viable ideas. Join us to build a career that matters—supported by a company that invests in you. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
#J-18808-Ljbffr