Art of the possible.
Penetration Tester
Location
United States
Posted
22 hours ago
Salary
$123.3K - $166.8K / year
Seniority
Mid Level
Job Description
Penetration Tester
General Dynamics Information Technology
Role Description The Penetration Tester supports the Case Management Modernization (CMM) Program for the Administrative Office of the U.S. Courts (AO) by conducting security, penetration, and vulnerability assessments required prior to Application ATO (Authority to Operate). This role ensures that CMM applications—built using React, NodeJS, AWS cloud services, and microservices—meet federal security standards and demonstrate resilience against real‑world cyber threats. Working within Agile DevSecOps teams, the Penetration Tester performs hands‑on exploitation, validates security controls, identifies weaknesses, and collaborates with engineering teams to remediate findings. This role is critical to ensure that CMM systems comply with NIST 800‑53, RMF, and AO security requirements before production authorization. Key Responsibilities - Perform application, API, and cloud penetration tests on CMM systems prior to ATO submission. - Conduct web, mobile, API, and microservices security testing using industry‑standard tools and manual exploitation techniques. - Execute AWS cloud penetration testing within approved boundaries (IAM, S3, Lambda, API Gateway, ECS/EKS, networking). - Perform static and dynamic analysis, including code review for security vulnerabilities. - Conduct credentialed and uncredentialed scans, privilege escalation testing, and lateral movement analysis. - Validate implementation of NIST 800‑53 controls, including AC, AU, IA, SC, SI, and CM families. - Support RMF Step 3 (Security Assessment) activities and provide evidence for ATO packages. - Identify vulnerabilities across application layers, cloud infrastructure, and CI/CD pipelines. - Work with developers, cloud engineers, and DevSecOps teams to validate fixes and retest vulnerabilities. - Provide detailed remediation guidance aligned with secure coding and cloud security best practices. - Track findings in Jira or equivalent tools and ensure closure prior to ATO milestones. - Prepare Security Assessment Reports (SAR), penetration test summaries, and risk findings for AO stakeholders. - Document exploitation steps, proof‑of‑concepts, and risk severity aligned with federal scoring methodologies. - Contribute to System Security Plans (SSP), POA&Ms, and ATO evidence packages. - Support pre‑ATO readiness reviews, including control validation and security walkthroughs. - Participate in tabletop exercises, threat modeling sessions, and architecture reviews. - Validate system resilience through stress, failover, and adversarial resilience testing. - Ensure compliance with federal security standards, including NIST, FISMA, and AO-specific guidelines. - Work closely with development teams to integrate security testing into Agile sprints. - Provide security insights during sprint planning, backlog refinement, and release readiness reviews. - Support secure CI/CD pipeline enhancements, including automated security scanning. Qualifications - 8+ years of general experience in information systems with BS/BA Degree, or 6+ years with MA/MS Degree. - 6+ years experience with integration, regression, and system testing using automated testing tools in web-based applications. - Experience in writing test cases, test plans, executing test scripts, reporting defects and preparing test results reports. - Experience in the entire QA Life Cycle, including designing, developing, and executing on the entire QA process and documentation of test plans, test cases, test procedures, and test scripts. - Experience may be considered in lieu of degree. Requirements - 8+ years of experience in penetration testing, application security, or ethical hacking security roles. - Experience documenting test plans, test procedures, and detailed security findings. - Experience supporting federal security assessments or enterprise-scale security testing. - Hands-on experience performing penetration tests on web applications, APIs, microservices, and cloud environments. - Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto, K6 Security, or custom scripts. - Experience testing applications built with NodeJS, ReactJS, REST APIs, and microservices. - Strong understanding of AWS security, including IAM, VPC, S3, Lambda, API Gateway, ECS/EKS, CloudTrail, and CloudWatch. - Experience with NIST 800‑53, RMF, FedRAMP, or federal ATO processes. - Ability to interpret logs, metrics, and security telemetry to identify attack paths. - Familiarity with SIEM and monitoring tools such as Datadog, ELK, CloudWatch, Grafana. - Experience with container security (Docker, Kubernetes, OpenShift). - Understanding of network security, distributed tracing, and adversarial testing techniques. - Strong analytical, communication, and documentation skills. Benefits - Variety of medical plan options, some with Health Savings Accounts. - Dental plan options. - Vision plan. - 401(k) plan with pre and post-tax contribution options and company match. - Full flex work weeks where possible. - Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement, and jury duty leave. - 15 days of paid leave per calendar year for new employees. - 10 paid holidays per year. - Paid Family Leave program providing up to 160 hours of paid leave in a rolling 12 month period for eligible employees. - Short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness, and business travel and accident insurance.
Related Guides
Related Categories
Related Job Pages
More QA Engineer Jobs
Quality Assurance Specialist
CAREWe work to fight poverty and achieve social justice by empowering women and girls. www.CARE.org
• Ensure the highest standards of patient safety and data integrity at clinical research sites through regular quality assurance reviews, site quality support, and assurance compliance with Standard Operating Procedures. • Conduct comprehensive reviews of study-specific regulatory binders and clinical documents to verify they are accurately completed and maintained per GCP standards. • Execute the yearly corporate audit plan, systematically tracking quality assurance audits, monitoring related activities, and preparing detailed outcome reports for management. • Partner directly with research staff and Principal Investigators (PIs) to resolve identified compliance issues, developing, tracking, and monitoring Corrective and Preventative Action (CAPA) plans. • Coordinate and provide hands-on operational support for on-site audits and inspections conducted by external providers, sponsors, and regulatory agencies. • Provide ongoing administrative support to the Quality Department by maintaining internal quality systems, compliance trackers, and operational programs. • Participate in the routine review, drafting, and maintenance of quality assurance Standard Operating Procedures (SOPs) to ensure alignment with evolving regulations. • Act as an internal quality resource to provide ongoing guidance and best-practice recommendations to site personnel and clinical project teams. • Be knowledgeable of evolving GxP guidelines. Ability to critically think, eagerness to learn, and commitment to ensuring compliance. Knowledge of and able to interpret regulatory guidance’s such as 21 CFR Part 11/ Part 312, ICH GCP E6 (R3). • Promote a culture of inspections readiness and continuous improvement. Be flexible to work with risk-based audit agendas and shifting priorities. • Create and deliver training on Quality and Improvement activities. • Support completion of RFP/RFI (Request for proposals/information). • Willingness to learn and engage with digital technologies. • Provide AI project quality support and consultation. • Support other activities related to the management of QMS and accuracy of data. • Support GxP and non GxP quality issues and/or projects needing quality consultation and support.
QA Automation, SSR
redbeeConnecting businesses and technology expertise. Conectando negocios con expertise tecnológico.
• Diseñar, documentar y ejecutar casos y escenarios de prueba, asegurando una cobertura adecuada según la criticidad del producto • Definir y llevar adelante estrategias de testing que garanticen una visión integral de la calidad • Involucrarte en etapas tempranas del desarrollo, participando activamente del ciclo completo del producto para prevenir defectos desde el inicio • Automatizar pruebas utilizando herramientas como Selenium IDE, contribuyendo a la eficiencia y escalabilidad del proceso de QA • Validar APIs REST y SOAP, así como aplicaciones mobile, asegurando el correcto funcionamiento funcional y técnico
Penetration Tester
KyndrylWe design, build, manage and modernize the mission-critical technology systems that the world depends on every day.
• Take charge of the entire lifecycle of customer engagements in cybersecurity • Simulate attacks on computer systems, networks, applications, and digital assets • Conduct comprehensive assessments to identify problem areas • Present visionary solutions to customers and craft personalized proposals • Collaborate closely with other teams to disseminate vital information and recommended countermeasures • Document testing processes, findings, and insightful recommendations
• Gestionar el control documental de los proyectos. • Elaborar y administrar minutas de reuniones. • Realizar seguimiento de acuerdos y compromisos. • Gestionar el versionamiento de documentación. • Administrar repositorios documentales. • Asegurar el cumplimiento de estándares de calidad documental. • Ejecutar revisiones utilizando checklists de calidad. • Brindar soporte metodológico a los equipos de proyecto.




