Jobs via Dice

Lead Penetration Tester

Jobs via Dice, Montpelier, Vermont, US, 05604

Dice is the leading career destination for tech experts at every stage of their careers. Our client, Comtech LLC, is seeking the following. Apply via Dice today!

Comtech LLC is seeking a highly skilled Lead Penetration Tester to spearhead the execution of the PSD Database Penetration Testing Project under the State of Vermont’s Agency of Digital Services (ADS). The Lead Penetration Tester will be responsible for planning, conducting, and documenting comprehensive penetration tests across critical systems, applications, and databases, ensuring that vulnerabilities are identified, validated, and communicated with actionable remediation strategies. This position requires deep expertise in both black-box and authenticated penetration testing, with advanced proficiency in exploiting vulnerabilities in web applications, REST APIs, operating systems, and databases. The Lead Tester will collaborate closely with cybersecurity engineers, analysts, and the Project Manager to meet all testing milestones defined within the project SOW.

Responsibilities

- Lead the end-to-end penetration testing effort for the PSD database environment and associated systems per the project SOW.
- Develop detailed penetration test plans, methodologies, and rules of engagement (ROE) aligned with NIST SP 800-115, OWASP, and CIS standards.
- Conduct external, internal, and web application penetration tests, including black-box, gray-box, and authenticated assessments.
- Perform detailed testing of REST APIs, authentication mechanisms, and session management controls.
- Execute network, database, and operating system exploitation to demonstrate the practical impact of identified vulnerabilities.
- Use both commercial and open-source tools (Burp Suite, Metasploit, Nmap, Nessus, SQLmap, Hydra, Cobalt Strike, etc.) to perform in-depth analysis.
- Develop and maintain custom scripts and exploits to verify vulnerability exploitation and validate remediation effectiveness.
- Generate and present technical and executive-level reports detailing vulnerabilities, exploitation methods, risk ratings, and recommended mitigations.
- Work with client stakeholders to remediate findings and validate fixes through post-mitigation retesting.
- Ensure all testing and data handling activities comply with ADS cybersecurity policies, data privacy standards, and federal/state security requirements.
- Participate in status meetings, risk reviews, and deliverable walkthroughs with ADS/PSD stakeholders and Comtech’s internal project management team.
- Support creation of the final Penetration Testing Report, Remediation Validation Report, and Destruction Attestation Report per the SOW.

Required Qualifications

- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related technical field.
- 8+ years of hands-on experience in penetration testing, vulnerability assessment, and exploitation.
- Proven expertise in black-box, gray-box, and authenticated penetration testing of applications, APIs, and infrastructure.
- Demonstrated experience with REST API assessments, parameter fuzzing, and token-based authentication testing.
- Strong working knowledge of the OWASP Top 10, NIST SP 800-53/115, CIS Controls, and common exploit frameworks.
- Experience performing manual and automated vulnerability validation using tools such as Burp Suite, OWASP ZAP, Nessus, Metasploit, Cobalt Strike, and Nmap.
- Proficiency with scripting languages such as Python, Bash, or PowerShell for automation and custom testing.
- Strong understanding of Active Directory, Windows/Linux hardening, and cloud environment security (AWS/Azure).
- Excellent written and verbal communication skills, capable of producing executive-ready reports and technical documentation.
- Ability to maintain the highest level of professionalism and discretion when handling sensitive client data.

Mandatory Certifications: OSCP, CISSP, CEH (preferred), and GPEN.

Job Details

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Software Development
