Praescient Analytics · 2 months ago
Penetration Testing Engineer, Senior - Army (TS/SCI)
Praescient Analytics is a mission-focused technology and analytics company dedicated to delivering innovative solutions for the defense, intelligence, and law enforcement communities. They are seeking a Senior Penetration Testing Engineer to support Army programs, who will be responsible for executing penetration tests, conducting vulnerability assessments, and collaborating with teams to enhance security measures.
Analytics, Big Data, Open Source, Software
Responsibilities
Plan, develop, and execute comprehensive penetration tests against applications, services, hosts, and networks to identify security weaknesses and exploitability
Perform hands-on offensive activities including reverse shells, SQL injection, buffer overflow analysis, trojan/backdoor development, password-cracking, privilege escalation, and social-engineering campaigns where authorized
Conduct threat and vulnerability assessments, risk analysis, and recommend pragmatic mitigation strategies
Develop attack vectors, perform reconnaissance, OSINT collection, enumeration, footprinting, and build exploit payloads/backdoors for testing purposes
Test system and software modifications to validate security posture prior to deployment
Document findings clearly and concisely in vulnerability reports and trackers; maintain databases of known defects and test artifacts
Participate in software design and architecture reviews to provide security input on requirements and operational characteristics
Integrate vulnerability management processes and tools into development/operational workflows; advise on secure coding and configuration baselines
Mentor junior testers and contribute to team best practices, playbooks, and test automation
Support red team / purple team engagements and collaborate with defensive teams to validate mitigations
Qualifications
Required
Active TS/SCI clearance - Required
GPEN (GIAC Penetration Tester) or OSCP (Offensive Security Certified Professional) — Required
Minimum of 5+ years of hands-on experience in penetration testing, vulnerability assessment, or offensive security roles
Strong practical experience with common pentest tools and frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Empire, Cobalt Strike, password-cracking tools) and offensive distributions (Kali, Parrot)
An IAT Level III certification (one of the following: CASP, CCNP, CISA, CISSP, or GCIH)
Proven ability to develop and modify exploits, payloads, and backdoors; experience with reverse engineering and debugging
Solid programming/scripting skills (Python, Bash, PowerShell). Comfortable reading or writing C/C++/assembly when needed for exploit development or binary analysis
Deep understanding of web application vulnerabilities (OWASP Top 10), network protocols, authentication systems, and privilege escalation techniques
Experience with vulnerability management workflows and bug-tracking systems
Excellent written and verbal communication skills; ability to produce high-quality technical reports tailored to technical and non-technical stakeholders
U.S. citizenship required
Preferred
Experience with targeting cloud platforms (AWS, Azure) and containerized environments
Familiarity with CI/CD security, SAST/DAST tooling, and secure SDLC practices
Experience with red team operations, social engineering campaigns, or physical/technical assessment integration
Additional certifications: OSCE, CREST, CISSP, GWAPT, GPYC, or similar
Prior experience in or supporting Army / DoD programs and mission environments
Benefits
Very competitive salary based on qualifications and experience.
Comprehensive, company-paid Aetna Health Care Medical for you (we pay your premiums and deductibles)
401(k) with company match
Travel & performance incentives
3 weeks paid time off (plus Federal Holidays)
$5K annual training allowance
$500 book allowance
Tuition reimbursement program