WOOD Federal Solutions · 12 hours ago
Penetration Tester, Lead
WOOD Federal Solutions is seeking a highly skilled Lead Penetration Tester to join a high-performing Agile team supporting a major system engineering program. The role involves conducting penetration tests, assessing security vulnerabilities, and collaborating with technical teams to enhance cyber defense strategies.
Consulting · Information Technology · Security
Responsibilities
Conduct internal and external penetration tests to identify vulnerabilities and recommend mitigation strategies
Perform web application penetration tests
Execute vulnerability risk assessments
Conduct physical penetration tests and social engineering exercises
Support cyber incident response activities as needed
Assess the security impact of new system developments or changes
Review, evaluate, and test mission‑critical software for security weaknesses
Define security compliance requirements for new system capabilities
Identify and remediate vulnerabilities across the system lifecycle
Audit and assess system security configurations using industry‑standard tools and methodologies
Coach development teams to improve understanding of vulnerabilities, attack vectors, and mitigation techniques
Collaborate with Systems, Test, and Integration Engineering teams to ensure architecture meets stringent security requirements
Develop, implement, and enforce security policies, standards, and methodologies
Serve as a security SME to Program Managers, technical experts, and internal teams
Qualifications
Required
Hands‑on experience using penetration testing tools
Experience in web development and programming languages (Java, XML, Perl, HTML)
Experience with programming/scripting (Python, PowerShell, C, JavaScript, etc.)
Extensive IT security risk assessment experience
Experience performing web application and physical pentests
Familiarity with web app security tools (Burp Suite, WebInspect, AppDetective)
Familiarity with Kali Linux and IPS/IDS solutions
Strong understanding of the Cyber Kill Chain methodology
Experience applying the Risk Management Framework (RMF)
Experience securing desktop and server OS configurations
Ability to collaborate with technical teams and customers to develop mitigation strategies
Ability to manage multiple projects and adapt to changing priorities
Preferred
Bachelor's degree in a technical/information assurance field and 12+ years of experience
One or more of the following certifications strongly preferred: GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), CEH, CISM, GWEB, CISSP
Extensive experience designing and implementing integrated security services, including network penetration testing, antivirus planning, risk analysis, and incident response
Experience supporting application development security, including system certifications and firewall evaluations
Benefits
Health Insurance: Comprehensive medical, dental, and vision plans.
Retirement Plan: 401(k) with company match.
Paid Time Off: Generous PTO policy including vacation, sick leave, and holidays.
Professional Development: Opportunities for training, certifications, and career advancement.
Work-Life Balance: Flexible work schedules and remote work options.
Wellness Programs: Employee assistance programs, wellness initiatives, and gym membership discounts.