Senior System Security Specialist

Job Summary

We are seeking a highly experienced Senior System Security Specialist to lead advanced offensive security assessments, penetration testing engagements, red team operations, and security architecture evaluations. This role will be responsible for identifying security vulnerabilities across networks, applications, cloud environments, and enterprise systems while providing actionable recommendations to strengthen organizational security posture. The ideal candidate will possess extensive experience in offensive security, threat modeling, incident response support, cloud security assessments, and government or highly regulated environments.

Key Responsibilities

• Conduct internal and external penetration testing of networks, web applications, APIs, cloud platforms, and enterprise systems.
• Perform red team engagements simulating real-world adversary tactics, techniques, and procedures (TTPs) aligned with the MITRE ATT&CK framework.
• Execute vulnerability assessments and validate remediation efforts through retesting and technical verification.
• Develop comprehensive penetration testing reports, including executive summaries, risk assessments, findings, and remediation recommendations.
• Conduct threat modeling and attack surface analysis to identify potential security exposures and risks.
• Perform secure configuration reviews of operating systems, network infrastructure, cloud environments, and identity platforms.
• Evaluate application security using dynamic and manual testing methodologies, including authentication, session management, access control, and input validation assessments.
• Review source code to identify security vulnerabilities and secure coding gaps.
• Develop and maintain scripts, tools, and automation capabilities to support offensive security testing activities.
• Support incident response investigations by validating attack scenarios, recreating attack chains, and assisting with root cause analysis.
• Assess Zero Trust architectures, micro-segmentation strategies, and identity-centric security controls.
• Conduct phishing simulations and social engineering exercises to evaluate organizational security awareness and resilience.
• Present technical findings and risk assessments to executive leadership, business stakeholders, and technical teams.
• Collaborate with engineering, infrastructure, DevOps, and security teams to remediate vulnerabilities and improve security controls.
• Contribute to the development of security standards, testing methodologies, policies, and procedures.
• Map assessment findings to security frameworks and compliance requirements, including NIST, OWASP, CIS, and related standards.
• Support continuous improvement initiatives for penetration testing, red teaming, and adversary emulation programs.
• Adhere to organizational security, change management, and project governance processes.

Required Qualifications

• Minimum 8 years of progressive cybersecurity experience.
• Minimum 5 years of experience performing penetration testing and/or red team engagements.
• Minimum 5 years of experience conducting:
• Network penetration testing
• Web application security testing
• API security testing
• Internal and external vulnerability assessments
• Threat modeling and attack path analysis
• Minimum 5 years of experience producing formal penetration testing reports and executive-level security assessments.
• Minimum 5 years of experience supporting incident response investigations and validation activities.
• Minimum 5 years of experience using penetration testing and security assessment tools such as:
• Metasploit
• Burp Suite
• Nmap
• Wireshark
• Nessus
• Similar security assessment tools
• Strong knowledge of:
• Secure coding practices
• Application security testing concepts (SAST/DAST)
• Network architecture and segmentation
• Identity and Access Management (IAM)
• Minimum 5 years of scripting or software development experience using languages such as Python, C/C++, PowerShell, Bash, or similar.
• Minimum 5 years of experience working with:
• NIST Cybersecurity Framework
• NIST 800-53
• MITRE ATT&CK
• OWASP Top 10
• Comparable security frameworks
• Minimum 5 years of experience mapping security findings to control frameworks and compliance requirements.
• Strong written and verbal communication skills with the ability to present technical findings to both technical and non-technical audiences.
• Experience working within government, public sector, or highly regulated environments.

Preferred Qualifications

• 10+ years of progressive cybersecurity experience.
• 8+ years of experience in advanced offensive security operations.
• Experience leading red team engagements and adversary emulation exercises.
• Experience conducting phishing simulations, social engineering assessments, and purple team exercises.
• Experience designing, assessing, or validating Zero Trust architectures.
• Experience evaluating micro-segmentation strategies and identity-centric security controls.
• Experience performing cloud security assessments within AWS, Azure, or similar cloud environments.
• Experience assessing containerized environments, including Docker and Kubernetes.
• Experience evaluating Infrastructure-as-Code (IaC) deployments and CI/CD pipelines.
• Strong software development background with experience supporting advanced security research and vulnerability analysis.
• Experience reviewing Java and other compiled-language source code for security vulnerabilities.
• Experience supporting federal, state, or public sector cybersecurity programs.
• Familiarity with FedRAMP, FISMA, IRS Publication 1075, or similar compliance frameworks.

Certifications

• Offensive Security Certified Professional (OSCP)
• GIAC Penetration Tester (GPEN)
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• Certified Ethical Hacker (CEH)