Penetration Tester (Onsite – Washington, DC) jobs in United States

Dhaka Technologies Limited Company · 22 hours ago

Penetration Tester (Onsite – Washington, DC)

Dhaka Technologies Limited is seeking an experienced Penetration Tester to support a cybersecurity assessment and program implementation effort for a District government oversight organization. This role will perform quarterly external penetration testing of public-facing systems, support vulnerability identification across applications/systems/networks, and produce executive-ready technical reports aligned to NIST 800-53 (Moderate).

Information Technology & Services
H1B Sponsor Likely
Hiring Manager: Md. Siddiq Hasan

Responsibilities

Conduct quarterly external penetration tests of public-facing web applications and the security boundary
Perform ethical exploitation to validate vulnerabilities and demonstrate potential impact (without service disruption)
Support selection of systems for deeper penetration testing based on scanning results and client coordination
Validate exploitation paths and privilege escalation potential (as authorized) to assess lateral movement risk
Execute network mapping, discovery, and vulnerability scanning across defined scope
Conduct web application security assessments aligned to OWASP Top 10 (e.g., XSS, SQLi, auth/session issues, misconfigurations)
Support database security assessment activities (configuration baseline checks, patch validation, limited user rights review, default credential checks—when authorized)
Produce high-quality reports with:
  Executive summary
  Methodology
  Vulnerability matrix (severity-ranked)
  Verification evidence
  Remediation recommendations and prioritized roadmap
  Tooling used, logs/screenshots as needed
Deliver quarterly testing reports and support any retesting/validation requested by the client
Coordinate closely with the Project Manager, GRC team, and Security Architect to ensure findings map to NIST 800-53 control objectives
Participate in weekly status meetings and maintain clear communication on progress, risks, and constraints

Qualification

Penetration Testing, Vulnerability Assessment, Web Application Testing, OWASP Methodologies, Security Reporting, Network Protocols, OSCP Certification, Burp Suite, Nmap, Professionalism

Required

Demonstrated experience performing penetration testing and vulnerability assessments, ideally in government or regulated environments
Strong web application testing experience (manual + automated) and familiarity with OWASP methodologies
Working knowledge of network protocols, network design, and common enterprise security controls
Ability to write clear, structured, professional security reports for both technical and executive audiences
Strong judgment and professionalism in sensitive environments (confidential data, oversight context)

Preferred

OSCP, GWAPT, CEH, CREST, GIAC (e.g., GSNA/GWEB), CPT/CEPT (Equivalent certifications and demonstrable experience will be considered.)
Experience with common testing tool sets (e.g., Burp Suite, Nmap, vulnerability scanners, web testing frameworks)
Familiarity with enterprise environments, firewalls/IPS, endpoint security controls, and secure configuration baselines
Comfort operating within defined rules of engagement (ROE) and change-controlled environments

Company

Dhaka Technologies Limited Company

Dhaka Technologies Limited (DTL) is an emerging leader in Full Service IT staffing, recruiting, and consulting, connecting skilled IT professionals with government and private sector clients.

H1B Sponsorship

Dhaka Technologies Limited Company has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2025 (1), 2024 (2), 2022 (1)

Funding

Current Stage: Early Stage
Company data provided by crunchbase