Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Penetration Tester [Remote]

Gdit

Remote
  • Remote job
Public Trust: Other
Requisition Type: Regular
Your Impact

Own your opportunity to work alongside federal civilian agencies. Make an impact by providing services that help the government ensure the well being and support of U.S. citizens.

Job Description

The Penetration Tester supports the Case Management Modernization (CMM) Program for the Administrative Office of the U.S. Courts (AO) by conducting security, penetration, and vulnerability assessments required prior to Application ATO (Authority to Operate). This role ensures that CMM applications—built using React, NodeJS, AWS cloud services, and microservices—meet federal security standards and demonstrate resilience against real‑world cyber threats.

Working within Agile DevSecOps teams, the Penetration Tester performs hands‑on exploitation, validates security controls, identifies weaknesses, and collaborates with engineering teams to remediate findings. This role is critical to ensure that CMM systems comply with NIST 800‑53, RMF, and AO security requirements before production authorization.

Key Responsibilities:

  • Perform application, API, and cloud penetration tests on CMM systems prior to ATO submission.
  • Conduct web, mobile, API, and microservices security testing using industry‑standard tools and manual exploitation techniques.
  • Execute AWS cloud penetration testing within approved boundaries (IAM, S3, Lambda, API Gateway, ECS/EKS, networking).
  • Perform static and dynamic analysis, including code review for security vulnerabilities.
  • Conduct credentialed and uncredentialed scans, privilege escalation testing, and lateral movement analysis.
  • Validate implementation of NIST 800‑53 controls, including AC, AU, IA, SC, SI, and CM families.
  • Support RMF Step 3 (Security Assessment) activities and provide evidence for ATO packages.
  • Identify vulnerabilities across application layers, cloud infrastructure, and CI/CD pipelines.
  • Work with developers, cloud engineers, and DevSecOps teams to validate fixes and retest vulnerabilities.
  • Provide detailed remediation guidance aligned with secure coding and cloud security best practices.
  • Track findings in Jira or equivalent tools and ensure closure prior to ATO milestones.
  • Prepare Security Assessment Reports (SAR), penetration test summaries, and risk findings for AO stakeholders.
  • Document exploitation steps, proof‑of‑concepts, and risk severity aligned with federal scoring methodologies.
  • Contribute to System Security Plans (SSP), POA&Ms, and ATO evidence packages.
  • Support pre‑ATO readiness reviews, including control validation and security walkthroughs.
  • Participate in tabletop exercises, threat modeling sessions, and architecture reviews.
  • Validate system resilience through stress, failover, and adversarial resilience testing.
  • Ensure compliance with federal security standards, including NIST, FISMA, and AO-specific guidelines.
  • Work closely with development teams to integrate security testing into Agile sprints.
  • Provide security insights during sprint planning, backlog refinement, and release readiness reviews.
  • Support secure CI/CD pipeline enhancements, including automated security scanning.

REQUIREMENTS:

  • 8+ years of experience in penetration testing, application security, or ethical hacking security roles.
  • Experience documenting test plans, test procedures, and detailed security findings.
  • Experience supporting federal security assessments or enterprise-scale security testing.
  • Hands-on experience performing penetration tests on web applications, APIs, microservices, and cloud environments.
  • Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto, K6 Security, or custom scripts.
  • Experience testing applications built with NodeJS, ReactJS, REST APIs, and microservices.
  • Strong understanding of AWS security, including IAM, VPC, S3, Lambda, API Gateway, ECS/EKS, CloudTrail, and CloudWatch.
  • Experience with NIST 800‑53, RMF, FedRAMP, or federal ATO processes.
  • Ability to interpret logs, metrics, and security telemetry to identify attack paths.
  • Familiarity with SIEM and monitoring tools such as Datadog, ELK, CloudWatch, Grafana.
  • Experience with container security (Docker, Kubernetes, OpenShift).
  • Understanding of network security, distributed tracing, and adversarial testing techniques.
  • Strong analytical, communication, and documentation skills.

QUALIFICATIONS:

  • 8+ years of general experience in information systems with BS/BA Degree, or 6+ years with MA/MS Degree
  • 6+ years experience with in integration, regression, and system testing using automated testing tools in web-based applications
  • Experience in writing test cases, test plans, executing test scripts, reporting defects and preparing test results reports
  • Experience in the entire QA Life Cycle, to include designing, developing and execution on the entire QA process and documentation of test plans, test cases, test procedures and test scripts
  • Experience may be considered in lieu of degree

CERTIFICATIONS:

  • OSCP, OSWE, GWAPT, GPEN, or similar offensive security certifications.
  • AWS Security Specialty
  • SAFe, DevSecOps, or Agile certifications beneficial.

TOOLS & TECHNOLOGIES:

  • Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto
  • K6 Security, custom Python/JavaScript tools
  • AWS CloudWatch, CloudTrail, GuardDuty
  • Datadog, ELK Stack, Prometheus, Grafana
  • Jenkins, GitLab CI/CD, GitHub Actions
  • SAST/DAST tools (SonarQube, Checkmarx, Fortify)
  • Jira, Confluence, SharePoint, MS Teams
  • Power BI, Grafana dashboards

COMMUNICATION & ORGANIZATIONAL

  • Excellent presentation and communication (oral and written) skills.
  • Consultant mindset with the ability to work with high level customer stakeholders and build excellent customer relationship.
  • Experience identifying and applying industry tools, solutions, methods best practices, and emerging technologies.
  • Strong analytical skills and problem-solving skills with the ability to formulate and communicate recommendations for improvement.
  • Demonstrated ability to work effectively, independently, and as part of a team.

Work Requirements

Years of Experience

8 + years of related experience

* may vary based on technical training, certification(s), or degree

Certification

AWS Certified Security - Specialty | Amazon Web Services (AWS) - Amazon Web Services (AWS)

Travel Required

None

Vacancy posted 6 days ago
Similar jobs that could be interesting for youBased on the Penetration Tester [Remote] in Remote vacancy
  • $168.5k

     ...Barclays to connect them with exceptional professionals for this role. What will you be doing? Barclays Services Corp. seeks Penetration Tester, AVP (multiple positions) in Whippany, NJ: Scope and execute penetration tests and code review against a variety of... 
    Suggested
    Hourly pay
    Remote work

    Barclays

    New Jersey
    4 days ago
  • $86.9k - $198k

     ...Job Number: R0243365 Location: Fort Meade,MD,US Share job via: Share Penetration Tester The Opportunity: Conduct testing and analysis to identify vulnerabilities and potential threat vectors in systems and... 
    Suggested
    Full time
    Contract work
    Part time
    Work at office
    Local area
    Remote work

    Booz Allen Hamilton

    United States
    1 day ago
  •  ...Penetration Tester As a penetration tester, you'll need to understand complex computer systems and technical cyber security terms. You'll need to do: Plan and create penetration methods, scripts and tests Carry out remote testing of a client's network or on-site testing... 
    Suggested
    Remote work

    InterSources

    Fremont, CA
    2 days ago
  •  ...Senior Web Application Penetration Tester Annapolis, Maryland SIXGEN's mission is to deliver agile, mission-ready cybersecurity solutions that empower government and critical infrastructure organizations to stay ahead of advanced cyber threats. We combine innovation... 
    Suggested
    Full time
    Temporary work
    Remote work
    Flexible hours

    SIXGEN

    United States
    2 days ago
  •  ...Principal Penetration Tester Altus Consulting seeks a seasoned cybersecurity professional to spearhead our penetration testing initiatives. As a key member of our elite team, you'll play a crucial role in safeguarding some of the world's most critical digital infrastructure... 
    Suggested

    Altus Consulting Corp

    Herndon, VA
    4 days ago
  •  ...Job Title: Penetration Tester (Ethical Hacker) Job Summary: We are seeking a skilled Penetration Tester to identify, assess, and help remediate security vulnerabilities across applications, networks, cloud environments, and enterprise systems... 
    Full time
    Remote work

    Ova Technologies

    United States
    3 days ago
  •  ...Title: Penetration Tester Location - Remote Duration: 12-Month Contract Experience Range: 8-10 years Our client is seeking a Penetration Tester with 8-10 years of experience to review and validate vulnerability reports, perform targeted... 
    Contract work
    Remote work

    RIT Solutions, Inc.

    New York, NY
    4 days ago
  • $35 - $40 per hour

     ...Immediate need for a talented Penetration Tester . This is a 06+ Months Contract opportunity with long-term potential and is located in Johns Creek, GA (Hybrid) . Please review the job description below and contact me ASAP if you are interested. Job ID:26-08601... 
    Contract work
    Local area
    Immediate start
    Remote work

    Pyramid Consulting

    United States
    2 days ago
  • $86.9k - $198k

     ...Job Number: R0243365 Penetration Tester The Opportunity: Conduct testing and analysis to identify vulnerabilities and potential threat vectors in systems and networks, develop exploits, and engineer attack methodologies. Leverage understanding of MITRE ATT&CK... 
    Full time
    Contract work
    Part time
    Work at office
    Local area
    Remote work

    Booz Allen Hamilton

    Maryland
    4 days ago
  •  ...Penetration Tester (Remote from LATAM) 100% Remote from Latin America We're looking for an experienced Penetration Tester. If you're into offensive security, love breaking into systems (legally!), and have hands-on experience with tools like Burp Suite, Metasploit... 
    Remote work

    3B Staffing LLC

    Atlanta, GA
    4 days ago
  •  ...The Penetration Tester is responsible for working as part of the Assessment Team to conduct and participate in offensive and defensive security projects for OccamSec and its clients. This individual will work as part of a security team and report to an Assessment Team... 
    Remote work
    Flexible hours

    OSEC

    United States
    3 days ago
  •  ...Penetration Tester Join a team where your work goes beyond checklists protecting critical Network and Cloud environments with real business and regulatory impact. Why join this team? High-impact, meaningful work Directly influence the security of Network/Cloud... 
    Work experience placement
    Local area
    Remote work

    Bmo

    United States
    1 day ago
  • $115k - $203k

     ...Senior Penetration Tester Job Description Overview CoStar Group is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index, CoStar Group is on a mission to digitize the... 
    Hourly pay
    Full time
    Work at office
    Work from home
    Monday to Thursday

    CoStar Realty Information, Inc.

    Arlington, VA
    1 day ago
  •  ...Sr. Penetration Tester Amyx is seeking a Sr. Penetration Tester for our DOD client to work remotely. Responsibilities Independently performs penetration testing of applications, systems and enclaves Identifies security flaws in computing platforms and applications... 
    Temporary work
    For contractors
    Remote work
    Flexible hours

    Amyx

    United States
    2 days ago
  • First Citizens Bank seeks a Penetration Tester to plan and conduct application security assessments from a remote or office location. You will lead tests on complex systems, coordinate with third-party vendors, and document findings for stakeholders while tracking vulnerabilities... 
    Remote job
    Work at office

    First Citizens Bank

    Scottsdale, AZ
    4 days ago
  •  ...the cybersecurity and information assurance sector, is seeking a dedicated and skilled Vulnerability Assessment Analyst and Penetration Tester 3 to join their dynamic team. As a Vulnerability Assessment Analyst and Penetration Tester 3, you will be an integral part of... 
    Weekly pay
    Temporary work
    Remote work
    Flexible hours

    ManpowerGroup Global, Inc.

    Overland Park, KS
    2 days ago
  • Penetration Tester / Offensive Security Consultant Location : Remote (US or Canada) Company : Control Gap, a CyberGuard Advantage company About Us CyberGuard Advantage is a modern cybersecurity compliance and risk advisory firm backed by Atlantic Street Capital. We help... 
    Remote work

    Control Gap Inc.

    New York, NY
    19 hours ago
  • $50 - $85 per hour

     ...Penetration Testers TestPros delivers innovative independent IT assessment solutions to critical challenges facing the nation and the world. We support the U.S. Federal Government and Commercial clients within the continental USA. TestPros is dedicated to making lives... 
    Contract work
    Part time
    For contractors
    Work experience placement
    Immediate start
    Remote work

    TestPros

    United States
    3 days ago
  • $60 per hour

    A leading tech company is seeking experienced cybersecurity professionals to evaluate AI-generated security content and provide critical feedback. This fully remote role allows you to work from anywhere in the US and offers a flexible schedule. Ideal candidates will have...
    Remote work
    Flexible hours

    DataAnnotation

    Wausau, WI
    2 days ago
  •  ...Hackattack in den USA sucht einen Ethical Hacker, der Penetration Tests im Bereich Infrastruktur sowie Web- und Mobile Applications durchführt. Nach einer ausführlichen Einarbeitung wirst Du für die Planung und Durchführung von Tests verantwortlich sein und Security Advisories... 
    Home office

    Hackattack

    New Bremen, OH
    2 days ago
  • A leading technology company is seeking experienced cybersecurity professionals to evaluate AI-generated security content and solve technical problems. The role is fully remote, allowing you to work from anywhere within the US, Canada, UK, Ireland, Australia, or New Zealand...
    Remote work
    Flexible hours

    DataAnnotation

    Jackson, MS
    2 days ago
  • $60 per hour

    A technology company specializing in AI is looking for experienced cybersecurity professionals to evaluate AI-generated security content and design technical security problems. This remote position offers flexibility in scheduling and competitive pay up to $60/hour. Candidates...
    Remote work

    DataAnnotation

    Springfield, IL
    3 days ago
  •  ...is seeking a Pentester to ensure the technological and digital security of the Bank. This role involves planning and conducting penetration tests, coordinating third-party vendors, and analyzing test results. The successful candidate will work remotely or from a corporate... 
    Remote job
    Work at office

    First Citizens

    Raleigh, NC
    3 days ago
  • First Citizens Bank is seeking an experienced penetration tester to plan and conduct application security assessments from a remote location. The role involves coordinating third‑party testing, analyzing findings, and reporting to Application Owners and stakeholders, while... 
    Remote job

    First Citizens Bank

    Houston, TX
    4 days ago
  • $80k - $150k

     ...seeking a passionate information security professional to join our Software Security Team. The Application Security Consultant/Penetration Tester will report to the Practice Lead and be responsible for assisting clients in their software security needs, including... 
    Remote work
    Work from home

    TrustedSec

    Fairlawn, OH
    15 days ago
  • A technology company is seeking experienced cybersecurity professionals to evaluate AI-generated security content and solve technical problems to train AI systems. You will work remotely and enjoy a flexible schedule while helping shape the future of AI technologies for...
    Remote job
    Hourly pay
    Flexible hours

    DataAnnotation

    Boston, MA
    1 day ago
  • $100k - $130k

    Aprio is looking for a Senior Penetration Testing Specialist to join their Risk Advisory and Assurance Services team. With a top-rated culture and vast growth opportunities, this role involves conducting security assessments, developing documentation, and tackling unique... 
    Remote job

    Aprio

    Atlanta, GA
    2 days ago
  • First Citizens Bank is seeking a skilled Penetration Tester to assess and secure complex banking applications from a remote location. You will plan, execute, and document tests, coordinate with third-party vendors, and report findings to stakeholders. The role emphasizes... 
    Remote job

    First Citizens

    Raleigh, NC
    19 hours ago
  • A cybersecurity firm in the United States is seeking a Senior Penetration Tester with at least 5 years of experience. In this full-time role, you will be integral to performing redteam audits, identifying vulnerabilities, and developing mitigations for clients. Ideal candidates... 
    Remote job
    Full time

    P1 Security

    New York, NY
    19 hours ago
  • A cybersecurity AI firm is looking for experienced cybersecurity professionals to evaluate AI-generated security content and solve technical problems. You'll work fully remote with a flexible schedule, earning up to $60/hour with bonuses. Ideal candidates will have 2+ years...
    Remote job
    Flexible hours

    DataAnnotation

    New York, NY
    19 hours ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Penetration Tester [Remote]. Be the first to apply!