Talent.com
No longer accepting applications
Penetration Tester

Penetration Tester

LTSWashington, DC, United States
17 days ago
Job type
  • Full-time
Job description

LTS is seeking an experienced Penetration Tester to perform comprehensive and continuous security assessments across a wide array of enterprise IT systems, applications, networks, and devices. This role is critical to the Department of Commerce's mission to ensure cyber resilience by identifying exploitable vulnerabilities, simulating real-world threat scenarios, and validating the effectiveness of implemented security controls. The Penetration Tester will collaborate closely with Cyber Threat Intelligence (CTI), SOC, and other cybersecurity teams to develop test plans, execute assessments, and provide actionable recommendations that strengthen the security posture across the organization. This position is on-site in Washington D.C. The position is contingent on the award.

LTS provides trusted consulting, and solutions in an increasingly complex and growing world. Our deep expertise in technology and analytics helps us serve a broad constituency of clients that range from cabinet-level departments of the U.S. Government to the largest Federal IT contractors in the world.

LTS is a leading information technology (IT) provider for mission critical systems leveraging the latest technologies to deliver cutting edge solutions from small mobile applications to large, complex enterprise applications. Our professionals specialize in multiple disciplines including program management, system integration, system design, system development, cybersecurity, infrastructure and data analytics.

Responsibilities :

  • Perform continuous and ad hoc penetration testing on enterprise IT systems to identify vulnerabilities and test control effectiveness.
  • Execute network mapping, vulnerability scanning, and phishing simulations, and provide analysis and mitigation recommendations.
  • Use both automated and manual testing methods to uncover exploitable security weaknesses.
  • Conduct penetration tests on a wide range of technologies including :

Mobile devices and apps (iOS, Android, Windows)

  • Web applications, websites, and APIs
  • Database systems and functions
  • Network infrastructure and services
  • Source code for logic flaws and security vulnerabilities
  • Simulate threat actor techniques (e.g., APT tactics) to assess detection and response effectiveness.
  • Validate remediations for Critical and High-risk vulnerabilities by conducting retests and verifying resolution.
  • Develop and maintain penetration testing schedules : quarterly, annual, and on-demand.
  • Perform Red Team testing to emulate adversary tactics and techniques, and Phishing Assessments to test user awareness.
  • Determine the likelihood and impact of exploitation by attempting to :

    • Bypass authentication and authorization controls

  • Escalate privileges or hijack accounts
  • Alter or corrupt data
  • Break application session management and logic
  • Exploit cryptographic weaknesses

    • Required Skills, Experience & Qualifications :

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field is required.
  • A minimum of 6 years of hands-on experience conducting penetration testing, vulnerability assessments, or red teaming.
  • Secret Security Clearance.
  • Professional industry certifications highly preferred (OSCP, GIAC, GPEN or GXPN, CompTIA PenTest , CEH, CRTP or OSEP).
  • Strong technical knowledge of penetration testing methodologies, tools, and frameworks (e.g., OWASP, MITRE ATT&CK).
  • Proficiency with tools such as Nmap, Nessus, Burp Suite, Metasploit, Wireshark, and Cobalt Strike.
  • Experience conducting network scanning, vulnerability assessments, and manual exploit validation.
  • Ability to write detailed technical reports outlining findings, risk levels, and recommended mitigations.
  • Familiarity with web application security, secure coding principles, and common exploit vectors (SQLi, XSS, CSRF, etc.).
  • Understanding of Active Directory attacks, privilege escalation techniques, and lateral movement strategies.
  • Experience supporting federal systems and compliance frameworks (FISMA, NIST RMF, FedRAMP).
  • Familiarity with SIEM and eGRC tools (e.g., Splunk, Archer) and their role in post-test reporting and continuous monitoring.
  • Excellent written and verbal communication skills, including the ability to brief technical content to non-technical audiences.
    • Create a job alert for this search

    Penetration Tester • Washington, DC, United States