Penetration Tester, Lead

Overview

Lead Penetration Tester

woodcons.com

Location: Annapolis Junction, Maryland, USA

Job Type: Full-Time

Shift: Day

Telework: None

Salary Range: **$180,000 to $210,000 per year

** Starting salary is based on minimum education and years of experience and increases based on education and/or experience.

Overview: Lead the offense to strengthen the defense. WOOD is seeking a highly skilled Lead Penetration Tester to join a top‑tier Agile cybersecurity team focused on securing complex, enterprise‑scale environments. In this role, you’ll spearhead offensive security assessments across networks, applications, endpoints, cloud services, and mission‑critical systems—simulating real‑world adversaries to uncover vulnerabilities before they can be exploited. You’ll collaborate closely with cyber SMEs, engineers, and leadership to shape penetration testing strategies, guide remediation, and influence enterprise‑level security posture. Your work will directly safeguard interconnected infrastructures including LAN/WAN environments, public‑facing assets, commercial internet gateways, servers, and user platforms. If you thrive in advanced threat emulation, enjoy unraveling complex technical challenges, and want your expertise to drive major cybersecurity decisions, this is a standout opportunity to lead and innovate.

Application Process: Interested candidates should submit their resume detailing their qualifications and experience.

Security Clearance Requirements:

This position requires all candidates to be U.S. Citizens and possess an active TS/SCI Security Clearance with a Polygraph.

Responsibilities

• Conduct internal and external penetration tests to identify vulnerabilities and recommend mitigation strategies.
• Perform web application penetration tests.
• Execute vulnerability risk assessments.
• Conduct physical penetration tests and social engineering exercises.
• Support cyber incident response activities as needed.
• Assess the security impact of new system developments or changes.
• Review, evaluate, and test mission‑critical software for security weaknesses.
• Define security compliance requirements for new system capabilities.
• Identify and remediate vulnerabilities across the system lifecycle.
• Audit and assess system security configurations using industry‑standard tools and methodologies.
• Coach development teams to improve understanding of vulnerabilities, attack vectors, and mitigation techniques.
• Collaborate with Systems, Test, and Integration Engineering teams to ensure architecture meets stringent security requirements.
• Develop, implement, and enforce security policies, standards, and methodologies.
• Serve as a security SME to Program Managers, technical experts, and internal teams.

Qualifications

Required Skills & Experience:

• Hands‑on experience using penetration testing tools.
• Experience in web development and programming languages (Java, XML, Perl, HTML).
• Experience with programming/scripting (Python, PowerShell, C, JavaScript, etc.).
• Extensive IT security risk assessment experience.
• Experience performing web application and physical pentests.
• Familiarity with web app security tools (Burp Suite, WebInspect, AppDetective).
• Familiarity with Kali Linux and IPS/IDS solutions.
• Strong understanding of the Cyber Kill Chain methodology.
• Experience applying the Risk Management Framework (RMF).
• Experience securing desktop and server OS configurations.
• Ability to collaborate with technical teams and customers to develop mitigation strategies.
• Ability to manage multiple projects and adapt to changing priorities.

Preferred Qualifications:

• Bachelor's degree in a technical/information assurance field and 12+ years of experience.
• One or more of the following certifications strongly preferred:
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • CEH, CISM, GWEB, CISSP
• Extensive experience designing and implementing integrated security services, including:
  • Network penetration testing
  • Antivirus planning
  • Risk analysis
  • Incident response
• Experience supporting application development security, including system certifications and firewall evaluations.

About WOOD

Fringe Benefits:

• Health Insurance: Comprehensive medical, dental, and vision plans.
• Retirement Plan: 401(k) with company match.
• Paid Time Off: Generous PTO policy including vacation, sick leave, and holidays.
• Professional Development: Opportunities for training, certifications, and career advancement.
• Work-Life Balance: Flexible work schedules and remote work options.
• Wellness Programs: Employee assistance programs, wellness initiatives, and gym membership discounts.

Why Join Us?

• Career Growth: Take advantage of professional development opportunities and career advancement. As a vital part of impactful projects, you will have the chance to drive innovation and shape the future of government systems engineering.

• Supportive Environment: Work in a collaborative and flexible environment that values work-life balance. Join a team of top-tier professionals and engage in dynamic, cross-functional collaboration. Your strategic mindset and proactive approach will be highly valued and supported.

• Competitive Compensation: Enjoy a competitive salary and comprehensive benefits package. We recognize and reward your expertise and dedication to excellence.

WOOD is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.