Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Penetration Tester

$123.25k - $166.75k
Full-time

General Dynamics Information Technology

Type of Requisition: Regular Clearance Level Must Currently Possess: None Clearance Level Must Be Able to Obtain: None Public Trust/Other Required: Other Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Automated Testing, AWS Cloud Computing, Infrastructure Penetration Testing, Security Controls, Security Testing Certifications: None Experience: 8 + years of related experience US Citizenship Required: No Job Description: The Penetration Tester supports the Case Management Modernization (CMM) Program for the Administrative Office of the U.S. Courts (AO) by conducting security, penetration, and vulnerability assessments required prior to Application ATO (Authority to Operate). This role ensures that CMM applications—built using React, NodeJS, AWS cloud services, and microservices—meet federal security standards and demonstrate resilience against real‑world cyber threats. Working within Agile DevSecOps teams, the Penetration Tester performs hands‑on exploitation, validates security controls, identifies weaknesses, and collaborates with engineering teams to remediate findings. This role is critical to ensure that CMM systems comply with NIST 800‑53, RMF, and AO security requirements before production authorization. Key Responsibilities: Perform application, API, and cloud penetration tests on CMM systems prior to ATO submission. Conduct web, mobile, API, and microservices security testing using industry‑standard tools and manual exploitation techniques. Execute AWS cloud penetration testing within approved boundaries (IAM, S3, Lambda, API Gateway, ECS/EKS, networking). Perform static and dynamic analysis, including code review for security vulnerabilities. Conduct credentialed and uncredentialed scans, privilege escalation testing, and lateral movement analysis. Validate implementation of NIST 800‑53 controls, including AC, AU, IA, SC, SI, and CM families. Support RMF Step 3 (Security Assessment) activities and provide evidence for ATO packages. Identify vulnerabilities across application layers, cloud infrastructure, and CI/CD pipelines. Work with developers, cloud engineers, and DevSecOps teams to validate fixes and retest vulnerabilities. Provide detailed remediation guidance aligned with secure coding and cloud security best practices. Track findings in Jira or equivalent tools and ensure closure prior to ATO milestones. Prepare Security Assessment Reports (SAR), penetration test summaries, and risk findings for AO stakeholders. Document exploitation steps, proof‑of‑concepts, and risk severity aligned with federal scoring methodologies. Contribute to System Security Plans (SSP), POA&Ms, and ATO evidence packages. Support pre‑ATO readiness reviews, including control validation and security walkthroughs. Participate in tabletop exercises, threat modeling sessions, and architecture reviews. Validate system resilience through stress, failover, and adversarial resilience testing. Ensure compliance with federal security standards, including NIST, FISMA, and AO-specific guidelines. Work closely with development teams to integrate security testing into Agile sprints. Provide security insights during sprint planning, backlog refinement, and release readiness reviews. Support secure CI/CD pipeline enhancements, including automated security scanning. REQUIREMENTS: 8+ years of experience in penetration testing, application security, or ethical hacking security roles. Experience documenting test plans, test procedures, and detailed security findings. Experience supporting federal security assessments or enterprise-scale security testing. Hands-on experience performing penetration tests on web applications, APIs, microservices, and cloud environments. Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto, K6 Security, or custom scripts. Experience testing applications built with NodeJS, ReactJS, REST APIs, and microservices. Strong understanding of AWS security, including IAM, VPC, S3, Lambda, API Gateway, ECS/EKS, CloudTrail, and CloudWatch. Experience with NIST 800‑53, RMF, FedRAMP, or federal ATO processes. Ability to interpret logs, metrics, and security telemetry to identify attack paths. Familiarity with SIEM and monitoring tools such as Datadog, ELK, CloudWatch, Grafana. Experience with container security (Docker, Kubernetes, OpenShift). Understanding of network security, distributed tracing, and adversarial testing techniques. Strong analytical, communication, and documentation skills. QUALIFICATIONS: 8+ years of general experience in information systems with BS/BA Degree, or 6+ years with MA/MS Degree 6+ years experience with in integration, regression, and system testing using automated testing tools in web-based applications Experience in writing test cases, test plans, executing test scripts, reporting defects and preparing test results reports Experience in the entire QA Life Cycle, to include designing, developing and execution on the entire QA process and documentation of test plans, test cases, test procedures and test scripts Experience may be considered in lieu of degree CERTIFICATIONS: OSCP, OSWE, GWAPT, GPEN, or similar offensive security certifications. AWS Security Specialty SAFe, DevSecOps, or Agile certifications beneficial. TOOLS & TECHNOLOGIES: Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto K6 Security, custom Python/JavaScript tools AWS CloudWatch, CloudTrail, GuardDuty Datadog, ELK Stack, Prometheus, Grafana Jenkins, GitLab CI/CD, GitHub Actions SAST/DAST tools (SonarQube, Checkmarx, Fortify) Jira, Confluence, SharePoint, MS Teams Power BI, Grafana dashboards COMMUNICATION & ORGANIZATIONAL Excellent presentation and communication (oral and written) skills. Consultant mindset with the ability to work with high level customer stakeholders and build excellent customer relationship. Experience identifying and applying industry tools, solutions, methods best practices, and emerging technologies. Strong analytical skills and problem-solving skills with the ability to formulate and communicate recommendations for improvement. Demonstrated ability to work effectively, independently, and as part of a team. The likely salary range for this position is $123,250 - $166,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: None Telecommuting Options: Remote Work Location: Any Location / Remote Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee’s date of hire. The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most. Our Identity Verification Process: As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes. About Our Work: We are GDIT. A global technology and professional services company that delivers technology solutions and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50+ countries worldwide, offering leading mission-ready capabilities in AI, cloud, cyber and software development. Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans Opportunity Owned From working with technologies like AI, cyber and cloud to careers in intelligence and health, we offer endless opportunities to apply your expertise to create a safer, smarter world. For more information about GDIT's Privacy Policy, click here: Privacy Policy | GDIT

Vacancy posted 6 hours ago
Similar jobs that could be interesting for youBased on the Penetration Tester in Washington DC vacancy
  •  ...Top Secret Clearance Certifications: Holds or is working toward penetration testing and offensive security certifications appropriate for...  ...). Position Description PingWind is seeking a Penetration Tester responsible for supporting authorized penetration testing and... 
    Suggested
    Temporary work
    Flexible hours

    Medium

    Alexandria, VA
    1 day ago
  •  ...Penetration Tester Locations: Los Angeles (CA), Dallas (TX), Washington DC. Responsibilities: Assist in project scoping and SOW creation Perform offensive engagements including red teaming and penetration testing Perform penetration tests against external... 
    Suggested
    Work experience placement

    WATI

    Washington DC
    4 days ago
  • $95.86k - $208.27k

     ...expand your capabilities, then consider a career in Advisory. KPMG is currently seeking a Senior Specialist, MAST Application Penetration Tester to join our Managed Services practice. Responsibilities: Conduct manual application penetration testing against API'... 
    Suggested
    H1b
    Local area

    KPMG

    Washington DC
    1 day ago
  •  ...Description Tharros is seeking a Senior Penetration Testing, Software Assurance and Vulnerability Assessment Engineer to support a DHS Intelligence and Analysis cybersecurity program in the National Capital Region. This role will support advanced penetration... 
    Suggested

    ANALYGENCE Inc

    Washington DC
    3 days ago
  •  ...Description The Junior Penetration Tester supports security assessments by planning and executing tests on web applications, infrastructure, cloud environments, and other technologies connected to the client network. Responsibilities include developing test plans, performing... 
    Suggested
    Contract work
    Flexible hours

    Gunnison Consulting Group Inc

    Washington DC
    13 hours ago
  • $160k - $205k

    Koitecc Solutions is seeking a Manual Ethical Hacker to lead assessments on the security of bank's applications and technologies. The role requires a minimum of 5 years of pentesting experience and the ability to perform deep analysis of vulnerabilities. With a competitive...

    Koitecc Solutions

    Washington DC
    2 days ago
  • $66k - $106k

     ...Jr Cyber Penetration Tester Job Locations US-VA-Arlington Requisition ID 2026-167214 Position Category Cyber Security Clearance Secret Responsibilities Peraton is currently seeking a Jr Cyber Penetration Tester... 
    Contract work
    Local area
    Remote work
    Shift work

    Peraton

    Arlington, VA
    13 hours ago
  • SwiftCruit is looking for a Penetration Testing Engineer in Arlington, Virginia, to safeguard critical digital environments. This role involves conducting penetration tests, vulnerability management, and developing security solutions for systems and networks. The ideal... 

    SwiftCruit

    Arlington, VA
    13 hours ago
  • $86.8k - $198k

    Phase2 Technology in Alexandria, Virginia, seeks an experienced Penetration Tester to enhance the security of critical digital environments. Your role will involve conducting thorough penetration testing, vulnerability assessments, and implementing risk mitigation strategies... 

    Phase2 Technology

    Alexandria, VA
    13 hours ago
  • $86.8k - $198k

    Phase2 Technology is seeking a Penetration Tester to safeguard critical digital environments. In this role, you'll conduct penetration testing, perform vulnerability management, and ensure system security. Your expertise will help identify weaknesses and provide actionable... 

    Phase2 Technology

    Arlington, VA
    1 day ago
  •  ...functional teams on security strategy and risk management. As part of the team, your primary responsibility will be performing hands on penetration testing of some of JPMC’s most critical applications, platforms, and third-party assets. You will work with application... 
    Worldwide

    JPMorgan Chase & Co.

    Washington DC
    4 days ago
  •  ...Penetration Tester LOCATION Tysons, VA 22182 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a highly skilled and proactive Penetration Tester to join our cybersecurity team. In this role, you will identify... 
    Temporary work
    For contractors
    Immediate start
    Flexible hours

    Cymertek

    Falls Church, VA
    2 days ago
  •  ..., and other cyber intelligence reports Required Skills Experience as a hands-on cybersecurity analyst (i.e. SOC Analyst or Penetration Tester) is required Experience with the analysis and characterization of cyber attacks Skilled in identifying different classes of... 
    For contractors

    kozmetickesluzby.vecnakraska.sk - Jobboard

    Arlington, VA
    1 day ago
  • $160k - $205k

     ...findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high‑value findings Experience performing manual web application... 
    Shift work
    Day shift

    Koitecc Solutions

    Washington DC
    1 day ago
  • A leading cybersecurity consultancy is seeking a Cybersecurity Vulnerability Analyst based in Arlington, VA. The role requires an active Top Secret Security Clearance and 5+ years of experience, focusing on vulnerability analysis for federal clients. Candidates must exhibit...

    Node.Digital

    Arlington, VA
    2 days ago
  • ASRC Federal is looking for a Vulnerability Assessor in Alexandria, VA who will support the DoWEA Enterprise Cyber Program. This hybrid role involves identifying and analyzing system vulnerabilities to enhance cybersecurity compliance. The ideal candidate will have over...

    ASRC Federal Holding Company

    Alexandria, VA
    13 hours ago
  • $86.8k - $198k

    Job Number: R0242221 Vulnerability Assessment Analyst The Opportunity: Join a mission‑driven team supporting the Army by delivering reliable, secure, and high‑quality cybersecurity services that directly impact readiness and daily operations. You will identify, analyze...
    Full time
    Contract work
    Part time
    Local area

    Phase2 Technology

    Alexandria, VA
    1 day ago
  • Overview The Client is looking for analysts to support the implementation of a new child welfare information system. The selected individuals will be part of a team that will work closely with social workers and software engineers to develop scenarios to test the new system...

    AHU Technologies Inc

    Washington DC
    13 hours ago
  • The Computer Network Defense Analyst uses information collected from a variety of sources to monitor network activity and analyze it for evidence of suspicious behavior. Monitoring and analysis are performed to identify and report events that occur, or might occur, within...
    Local area
    Immediate start
    Flexible hours

    Business Computers Management Consulting Group

    Arlington, VA
    1 day ago
  • $70 - $85 per hour

    A trusted staffing and consulting firm seeks an Intrusion Analyst to support federal law enforcement with advanced digital forensic investigations. The role involves detailed forensic analysis, evidence preservation, and expert testimony. Candidates should have a minimum...
    Remote job
    Hourly pay

    Seneca

    Washington DC
    1 day ago
  •  ...DHS Suitability 5+ years of directly relevant experience Experience as a hands-on cybersecurity analyst (i.e. SOC Analyst or Penetration Tester) is required Experience with the analysis and characterization of cyber attacks Skilled in identifying different classes of... 

    Node.Digital

    Arlington, VA
    2 days ago
  • $140.5k - $210k

    Summary Oversees and/or participates in the instrumentation and administration of cybersecurity tools, appliances, and measures to protect the Board’s IT assets and ensure the Board’s ability to conduct its mission. Utilizes cybersecurity tools such as firewalls, proxies...
    Full time
    Work at office

    Federal Reserve Board

    Washington DC
    1 day ago
  • $60k - $105k

    Job Description: Job Description Spry Squared is looking for a Cyber Network Defense Analyst for our client to provide Network Operations Security Center (NOSC) support, cyber analysis, application development, and a 24x7x365 support staff. The Network Operations...
    Shift work
    Night shift
    Afternoon shift

    sprysquared.com

    Washington DC
    1 day ago
  • $140.5k - $210.5k

    Sr. Cybersecurity Analyst II (Sr Vulnerability Analyst) - Information Technology Primary Location: DC‑Washington Employee Status: Regular Overtime Status: Exempt Job Type: Standard Relocation Provided: Yes Compensation: $140,500 - $210,500 (FR PAY GRADE 27‑28) Posting...
    Work at office
    Relocation

    Federal Reserve System

    Washington DC
    1 day ago
  • $140.5k - $210.5k

    The Federal Reserve System is hiring a Sr. Cybersecurity Analyst II in Washington, DC, to oversee the implementation of cybersecurity tools and lead analytical assessments. The role demands a Bachelor's degree in a related field and 6-8 years of experience in cybersecurity...

    Federal Reserve System

    Washington DC
    1 day ago
  •  ...L3Harris Technologies currently has an opening for a User Acceptance Tester with expertise in Test and Integration for an important National Security Program. The successful candidate will support a high performing team of Government and Contractor professionals by testing... 
    For contractors
    Local area

    L3Harris Technologies

    Arlington, VA
    13 hours ago
  • cFocus Software seeks a Penetration Tester to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance. Qualifications: ~ Public Trust... 
    Full time
    Remote work

    cFocus Software Incorporated

    Bethesda, MD
    10 days ago
  • $127.94k - $186.6k

    hackajob is collaborating with Excella to connect them with exceptional professionals for this role. Lead Information Systems Security Officer (ISSO) Arlington, Virginia, United States, Hybrid Excella is a transformative technology firm that helps organizations...
    Work from home
    Home office
    Flexible hours

    Excella

    Arlington, VA
    10 days ago
  • hackajob is collaborating with MANTECH to connect them with exceptional professionals for this role. MANTECH seeks a motivated, career and customer-oriented Senior Information Systems Security Officer (ISSO) to join our team in Washington, D.C . This is an ...
    Work at office
    Remote work

    MANTECH

    Washington DC
    6 days ago
  •  ...identifying candidates for the following position. Requisition Type:Full Time Position Status:  Contingent Position Title: Penetration Tester Location:Arlington, VA Security Clearance:Secret   Duties and Responsibilities The Penetration Testersupports this... 
    Full time
    For contractors

    gTANGIBLE Corporation

    Arlington, VA
    a month ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Penetration Tester. Be the first to apply!