Penetration Tester III

Penetration Tester III

Revolutional delivers advanced technology solutions and mission support to federal agencies across civilian, health, and national security environments. We apply modern capabilities, including AI/ML, cloud, cybersecurity, and IT modernization to solve complex challenges, enable faster and more secure operations, and drive measurable mission outcomes.

We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy.

Title: Penetration Tester III

Location: Washington, DC or Chandler, AZ

Terms: Full-time

Clearance: Active Secret Required

Travel: 0-20%

Position Description

As a Penetration Tester III at Revolutional, you are a senior offensive security practitioner with the range to operate across network, application, cloud, mobile, and IoT environments — and the experience to lead the engagements, not just execute them. You plan and conduct Red Team operations, High Value Asset assessments, and continuous penetration testing programs against complex federal infrastructure, and you produce findings that drive real security improvements.

You bring 5 to 7+ years of hands-on penetration testing experience, deep familiarity with industry-standard methodologies, and the technical credibility to lead a team under operational pressure. You think like an adversary, work within rules of engagement, and translate what you find into clear, actionable reporting for both technical and executive audiences.

Responsibilities

• Plan, lead, and execute penetration tests across network, application, cloud, mobile, and IoT environments using continuous penetration testing methodologies
• Conduct and lead Red Team engagements end-to-end: scoping, planning, execution, post-engagement analysis, and reporting
• Perform High Value Asset (HVA) assessments in accordance with CISA AES HVA assessment standards and methodologies
• Execute penetration tests against federal and commercial cloud environments, mobile device applications, and IoT devices using appropriate platform-specific methodologies
• Apply OSSTMM, OWASP, NIST, PTES, and ISSAF methodologies as appropriate to engagement type, scope, and client requirements
• Leverage a broad toolset for reconnaissance, exploitation, post-exploitation, and lateral movement to conduct comprehensive penetration tests
• Apply MITRE ATT&CK framework to map adversary TTPs, structure engagement findings, and inform defensive recommendations
• Coordinate Blue and Purple Team activities; collaborate with defensive teams to validate detection coverage and improve security posture based on test findings
• Produce clear, thorough penetration test reports with well-documented findings, risk ratings, and actionable remediation guidance for technical and executive audiences
• Manage penetration testing projects and tasks against tight deadlines; lead and mentor junior testers on engagements
• Develop and maintain standard operating procedures, test plans, and technical documentation for penetration testing operations
• Stay current on offensive techniques, adversary tradecraft, vulnerability research, and emerging attack surfaces relevant to the federal environment

What You Bring (Requirements)

Baseline Requirements

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
• Minimum 5 years of hands-on penetration testing experience; 7 years preferred
• Experience in a management or team lead role, managing penetration testing projects and tasks against tight deadlines
• Active Secret clearance

Technical & Domain Capabilities

• Demonstrated experience with continuous penetration testing methodologies across diverse target environments
• Experience planning and conducting Red Team engagements, including scoping, rules of engagement, adversary emulation, and post-engagement reporting
• Experience conducting High Value Asset (HVA) assessments in federal environments
• Hands-on experience with IoT device penetration testing methodologies
• Experience penetration testing federal and commercial cloud environments (AWS, Azure, GCP, or GovCloud)
• Knowledge of Red, Blue, and Purple Team assessment processes and how offensive findings translate to defensive improvements
• Proficiency with MITRE ATT&CK framework applied to engagement planning, TTP mapping, and findings documentation
• Working knowledge of OSSTMM, OWASP, NIST, PTES, and ISSAF penetration testing methodologies
• Proficiency with industry-standard penetration testing toolsets for reconnaissance, exploitation, post-exploitation, and reporting

Core Strengths

• Senior-level technical operator: you lead engagements, not just execute tasks, and your findings hold up under scrutiny
• Methodical and disciplined — you work within rules of engagement, document everything, and don't cut corners under deadline pressure
• Strong communicator: your reports are clear, risk-rated, and written for the audience, whether that's a CISO or a sysadmin
• Collaborative with defensive teams — you see Purple Team work as a force multiplier, not an afterthought

Certifications

The following certifications are required:

Group 1 — Primary (one required)

• GPEN (GIAC Penetration Tester) or GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

Group 2 — Supplemental (one required)

• GRTP, CRTL, OSCP (Offensive Security Certified Professional), CRTP, CMWAPT, CEPT, CPT, or LPT

Additional Requirement

• Must hold or be able to obtain CISA AES HVA Assessment Lead or Technical Lead certification

Nice to Have (Differentiators)

• Both GPEN and GXPN, or additional GIAC offensive certifications (GWAPT, GMOB, GCLOUD)
• OSEP (Offensive Security Experienced Penetration Tester) or OSED (Offensive Security Exploit Developer)
• Experience conducting HVA assessments as Assessment Lead or Technical Lead under CISA AES
• Familiarity with Zero Trust Architecture from an offensive assessment perspective
• Experience with AI/ML system security testing or emerging attack surfaces
• Active TS/SCI clearance