This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description SimVentions, consistently voted one of Virginia's Best Places to Work, is looking for an experienced professional to join our team! As a Red Team Penetration Tester, you will be responsible for conducting penetration testing and conducting offensive cybersecurity operations for the U.S. Government and DoD systems. You will work collaboratively with Blue Team and Cybersecurity professionals to enhance overall cyber posture. Position is contingent upon award of contract, anticipated in October of 2026. Qualifications - Five (5) years' experience in software engineering applied to program development; modeling and simulation applied to DoD or Information Technology systems. - Strong working knowledge of common Penetration Testing (PENTEST) tools: Kali, Metasploit, NMAP, Cobalt Strike. - Experience with various programming languages: Python, C, C Sharp, C++, Go, Perl, Powershell. - Experience with Web Dev/Web App Dev/Web Penetration testing. - Experience with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services. - Minimum certification one of the following: Security+, CCNA Security, CySA+, GICSP, SSCP. - Minimum certification as penetration tester and possess one of the following certificates: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Wireless Professional (OSWP). - Capture the Flag (CTF) participation (DEFCON, Over-The-Wire (OTW), Hack the Box, USS Secure CTF's). - Security research resulting in a Common Vulnerabilities and Exposures (CVE). Requirements - Linux and Windows experience. - Penetration Testing (PENTEST) and Red Team Operations. - Tool/Software Development (exploits/malware, C2, reverse engineering, bug bounties). - Experience with NSX, vCenter, vRealize Suite, Horizon View (VDI) and others. - Experience with PAN-OS, FirePower, Nexus, IOS, ASA. - Experience with ONTAP, SnapMirror. - Active-Directory, Entra ID (Azure AD), Active Directory, SSO, MFA, Azure application integration, Identity Federation. - Automation using Powershell, PowerAutomate, Logic Apps, Graph API. - Experience conducting Red Team operations in an MDE environment. - Experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g. OAuth2, SAML, LDAP). - Experience with PHP, ASP, SQL db's, Java, HTML, No SQL. Responsibilities - Debug and reverse engineer software. - Analyze Windows Events and Linux syslogs, boot logs and dmesg logs. - Program and debug Web 2.0, Java, Perl, Ada, C++, Tool Command Language (tcl/tk) scripts and graphical user interfaces (GUIs) using Microsoft Visual tel and Rational ClearCase for software configuration management. - Recommend software modifications to systems to mitigate known vulnerabilities. - Operate and administrate computer systems running HP-UX, UNIX, Solaris, Linux and Microsoft Windows. - Identify security flaws in compiled and human readable source code. - Understand how to implement NSA approved encryption technologies and devices. - Apply DISA Security Technical Implementation Guides (STIGs). - Participate in Code Reviews. Perform Static Source Code Analysis. - Contribute to a System Security Administrator and Operators Manual (SSAOM). Education - High School Diploma or GED equivalent. Compensation Compensation at SimVentions is determined by a number of factors, including, but not limited to, the candidate’s experience, education, training, security clearance, work location, skills, knowledge, and competencies, as well as alignment with our corporate compensation plan and contract specific requirements. The projected annual compensation range for this position is $90,000-$150,000 (USD). Benefits - Medical, dental, vision, and prescription drug coverage. - Employee Stock Ownership Plan (ESOP). - Competitive 401(k) programs. - Retirement and Financial Counselors. - Health Savings and Health Reimbursement Accounts. - Flexible Spending Accounts. - Life insurance, short- & long-term disability. - Continuing Education Assistance. - Paid Time Off, Paid Holidays, Paid Leave (e.g., Maternity, Paternity, Jury Duty, Bereavement, Military). - Third Party Employee Assistance Program that offers emotional and lifestyle well-being services, to include free counseling. - Supplemental Benefit Program.

• Working with the Security and ML team, focus on designing and delivering advanced detection and security management capabilities for Stellar Cyber’s Open XDR platform. • Lead the definition, delivery, and adoption of security management-driven initiatives central to the company’s vision of building an Autonomous SOC. • Learn the product portfolio, core architecture, and pipeline of ML initiatives. • Lead an analytics-focused initiative and start driving roadmap alignment. • Drive customer adoption, collect feedback, and refine roadmap priorities based on data and customer insights.

• Serve as a cybersecurity Subject Matter Expert (SME) for the authorization of information systems and associated cybersecurity policies, procedures, and processes. • Apply in-depth knowledge of the DoD Risk Management Framework (RMF) and Authorization to Operate (ATO) processes. • Perform cybersecurity authorization activities or act as an SME supporting systems undergoing authorization. • Assess and evaluate security controls in accordance with NIST SP 800-53. • Analyze vulnerabilities, determine severity levels, and assess potential impacts on current or future system authorizations. • Support authorization efforts for large, complex IT environments consisting of multiple enclaves, AIS applications, and outsourced IT services (e.g., DLA-scale environments). • Brief senior leadership on authorization status, risks, findings, and recommendations. • Ensure compliance with applicable DoD cybersecurity policies and standards.

• Develop and maintain a holistic security architecture roadmap spanning HPC, cloud platforms, on-prem infrastructure, and internal applications • Architect solutions aligned with NIST 800-53, NIST CSF, CIS benchmarks, and other relevant frameworks • Establish and evangelize a Security-by-Design culture across engineering and operational teams • Build automated pipelines for security controls, monitoring, evidence collection, and audit readiness • Engineer automated hardening, patching, and configuration management solutions across infrastructure and cloud assets • Integrate security directly into CI/CD workflows, cloud provisioning, and infrastructure-as-code (IaC) • Conduct hands-on ethical hacking, security testing, threat modeling, and adversarial simulations to validate security controls • Lead or support purple-team activities with Security, Infrastructure, and Software Engineering • Partner with Infrastructure, IT, Engineering, Software Development, Security, and Compliance to ensure unified execution of security policies • Translate regulatory and audit requirements into actionable engineering tasks • Act as a key technical advisor during audits to ensure evidence, control operation, and documentation meet standards • Architect scalable processes that ensure continuous audit readiness and reduce manual evidence creation • Define baseline security standards, technical controls, and operational guardrails • Support certifications, assessments, and customer security reviews