Penetration Tester, Mid

The Challenge:

Everyone knows security needs to be “baked in” to a system architecture, but you actually know how to bake it in. You can identify and implement ways to harden systems and reduce their attack surface. What if you could use your Cybersecurity subject matter expertise to design and build secure systems for a government customer? We’re looking for a penetration tester who can develop solutions for that will stand up to even the most advanced Cyber threats.

As a Security Engineer on our project, you’ll perform vulnerability assessments and penetration testing following the customer’s prescribed scope statement with authorities derived from the customer’s Enterprise Cybersecurity organization. You’ll coordinate work with Cybersecurity teams and the staff manager who will manage priorities. We need to come up with the best solution, so you’ll investigate new techniques, break free from the legacy model, and drive the customer to where the industry is going. You’ll lead the team through a critical approach to network design, provide alternatives, and customize solutions to maintain a balance of security and mission needs. This is a chance to make a difference in the security of the intelligence community (IC). Your technical expertise will be vital as you help customers overcome their most difficult challenges by integrating secure practices, including network, database, and application penetration testing, identifying, and analyzing vulnerabilities, and recommending corrective measures. You’ll be able to broaden your skillset into areas like the latest exploitation tools, Cloud security practices, and security trends. You’ll help government decision-makers build peace of mind in a mission-critical infrastructure. Join our team, as we improve Cybersecurity to protect the IC. 

Empower change with us.

You Have:

-Experience with performing reconnaissance, privilege escalation persistence, lateral movement, and payload generation against information systems

-Experience with analyzing vulnerabilities, delivering clear and coherent written reporting, identifying network risks, and providing mitigation recommendations

-Experience with conducting penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and, on premise systems

-Experience with translating systems and applications into security test plans, performing hands-on security testing, and leveraging adversarial tactics

-Experience with performing grey and black box penetration testing and system exploitation against desktops, servers, applications, operating systems, and security systems to gain root and administrator access for highly specialized network systems

-Experience with Linux, Windows, wireless, and virtual platforms

-Knowledge of information security policies and guidance

-Ability to assist with researching, evaluating, and developing security policies and guidance

-TS/SCI clearance with a polygraph required

-BA or BS degree required

Nice If You Have:

-Experience with securing traditional legacy solutions and hybrid- and Cloud-based solutions

-OSCP, CEH, CEPT, GPEN, GXPN, CRTOP, CPT, LPT Master, or CompTIA PenTest+ Certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance with polygraph is required.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in Cybersecurity—fully funded without a tuition cap.

Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

#LI-AH1, CJ1, NSG1

Not ready to apply? Join our talent community and sign up for job alerts.