SonicJobs Logo
Left arrow iconBack to search
  1. Home
  2. 21264, Baltimore, MD
  3. Systems Security Specialist - Penetration Testing

Systems Security Specialist - Penetration Testing

MATRIX SYSTEMS & TECHNOLOGIES INC
Posted 5 days ago, valid for 13 days
Location

Baltimore, MD 21264, US

Salary

$85,000 - $130,000 per year

Contract type

Full Time

Health Insurance
Paid Time Off

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • Matrix Systems and Technology is looking for a Systems Security Specialist with a minimum of eight years of progressive experience in cybersecurity, including five years in penetration testing or red team engagements.
  • The role involves conducting internal and external penetration testing, executing vulnerability assessments, and developing comprehensive reports on security findings.
  • Candidates should have expertise in common penetration testing tools and secure coding practices, as well as experience with the NIST Cybersecurity Framework and OWASP Top 10.
  • The position offers a salary of $100,000 to $140,000, depending on experience and qualifications, along with benefits such as health insurance, paid time off, and training opportunities.
  • Preferred qualifications include advanced offensive security experience, familiarity with zero trust architecture, and a strong background in government security programs.
Benefits:
  • Health insurance
  • Paid time off
  • Training & development

Matrix Systems and Technology is seeking a Systems Security Specialist to perform internal and external penetration testing of networks, web applications, API's, and cloud environments to identify security vulnerabilities and exploit paths, and other related tasks.

Duties/ Responsibilities:
  •  Conduct internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths. 
  • Perform red team engagements simulating real-world adversary tactics, techniques, and procedures (TTPs) aligned with MITRE ATT&CK. 
  • Execute vulnerability assessments and validate remediation efforts through retesting and technical verification. 
  • Develop comprehensive penetration testing reports, including executive summaries, risk ratings, proof-of-concept evidence, and actionable remediation guidance. 
  • Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways. 
  • Conduct secure configuration reviews of operating systems, network infrastructure, cloud platforms, and identity systems. 
  • Evaluate application security through dynamic and manual testing techniques, including authentication, session management, input validation, and access control testing. 
  • Review source code for security weaknesses and secure coding gaps, particularly in C/C++, Python, Java, or similar languages. Develop and maintain custom scripts or tooling to automate testing activities and enhance offensive security capabilities. 
  • Support incident response activities by recreating attack chains, validating compromise scenarios, and identifying root causes. Assess Zero Trust implementations, micro-segmentation strategies, and identity-based security controls for effectiveness. 
  • Conduct phishing simulations and social engineering exercises to evaluate user awareness and organizational resilience. 
  • Provide technical briefings to executive leadership and technical stakeholders regarding risk posture and remediation prioritization. 
  • Collaborate with engineering, DevOps, and infrastructure teams to remediate identified vulnerabilities and strengthen security architecture. 
  • Contribute to the development of security policies, testing methodologies, and enterprise security standards. 
  • Support compliance efforts by mapping testing results to NIST, OWASP, CIS, or other applicable security frameworks.
  • Participate in continuous improvement of penetration testing methodologies, tools, and adversary emulation strategies. 
  • Adhere to all security, change control, and Project Management Office (PMO) policies, processes, and methodologies.

Minimum Qualifications: 
  •  A Minimum eight (8) years of progressive experience in cybersecurity 
  • A minimum of five (5) years performing penetration testing or red team engagements. 
  • A minimum of five (5) years conducting network penetration testing, web application and API testing, internal and external vulnerability assessments and threat modeling and attack path analysis 
  • A minimum of five (5) years developing and delivering formal penetration test reports, including executive summaries and technical remediation guidance. 
  • A minimum of five (5) years supporting incident response investigations and validation testing. 
  • A minimum of five (5) years with common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Nessus, etc.). 
  • Strong knowledge of Secure coding practices, Application security testing (SAST/DAST concepts), Network architecture and segmentation and Identity and access management concepts 
  • A minimum of five (5) years of demonstrated scripting or development ability in at least one language (e.g., Python, C/C++, PowerShell, Bash). 
  • A minimum of five (5) years of working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK and OWASP Top 10 A minimum of five (5) years of experience mapping findings to security control frameworks. 
  • At least one recognized offensive security certification (e.g., OSCP, GPEN, GXPN, CEH, or major experience can substitute for certification). 
  • Demonstrated ability to communicate technical findings to executive and non-technical audiences, and provide actionable remediation recommendations. Demonstrated experience working in government or highly regulated environments.
Preferred Qualifications:
  •  A Minimum ten (10) years of progressive experience in cybersecurity 
  • A minimum of eight (8) years of experience in Advanced Offensive Security: 
    • Experience leading red team engagements. 
    • Experience performing adversary emulation exercises. 
    • Experience conducting phishing and social engineering simulations. 
    • Experience performing purple team exercises. 
  • A minimum of five (5) years of experience in Zero Trust & Architecture: 
    • Experience designing or assessing Zero Trust implementations. 
    • Experience evaluating micro-segmentation strategies and identity-centric controls. 
  • A minimum of five (5) years of experience in Cloud & Modern Infrastructure: 
    • Experience performing security assessments in AWS or Azure environments, Containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments 
    • Experience testing CI/CD pipelines. 
  • A minimum of ten (10) years of experience in Software Development Depth: 
    • Strong low-level development knowledge (kernel, assembly, embedded systems) that supports advanced exploit analysis. 
    • Experience reviewing source code in JAVA or other compiled languages for vulnerabilities. 
  • A minimum of ten (10) years of experience in Government in the following: 
    • Experience supporting federal or state government security programs. Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments.


Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Logo
SonicJobs
Your next career move. Sorted.
Search jobsbackground image

Contact us

© 2017 - 2026 SonicJobs Inc. All rights reserved

Terms & Conditions | Privacy Policy | Browse Jobs