• Perform independent vulnerability assessments and penetration testing of web applications, following established methodologies and rules of engagement.
• Identify, analyze, and exploit critical security vulnerabilities in client systems, applications, and networks, including web application-specific issues.
• Integrate threat intelligence into assessments and red team activities to ensure engagements reflect realistic, current attack patterns.
• Conduct comprehensive information gathering, including: open-source intelligence, network mapping and service enumeration, identify publicly available information about the stakeholder environment, discover valid user credentials, determine detailed information about an organization's network architecture.
• Perform manual web application security reviews in addition to automated scanning.
• Test the response and detection capability of an organization, reporting on entry methods and additional access achieved.
• Verify firewall rule configurations, ensuring proper handling of network traffic from customer and non-customer sources.
• Prepare detailed reports outlining vulnerabilities and providing actionable, risk-based recommendations for remediation.
• Develop, customize, and maintain tools to enhance assessment and red team capabilities, particularly for web application testing.
• Stay updated on emerging attack vectors, vulnerabilities, and security technologies to inform assessments and methodologies, especially in the realm of web application security.
• Adhere to ethical hacking practices, ensuring the security and integrity of assessments without disrupting operations or compromising live data.
• Assess system and network configurations to detect deviations from accepted security standards and policies, with a focus on web application environments.

Required Qualifications

• 2 years of operational penetration testing related experience
• Strong experience conducting red team operations and adversary emulation independently.
• Expertise in vulnerability assessments, focusing on advanced application security and cloud environments.
• Proficient in ethical hacking techniques, code reviews, and security auditing.
• Knowledge of key security tools and scripting languages (e.g., Kali Linux, Metasploit, Cobalt Strike, PowerShell, Python).
• Experience working with cloud platforms (AWS, Azure, GCP) and containerization technologies.
• Familiarity with the MITRE ATT&CK framework for structuring red team engagements.
• Strong understanding of government and industry compliance frameworks (e.g., NIST, FISMA, HIPAA).
• Strong communication skills to present technical findings to both technical and non-technical audiences.
• U.S. Citizenship required
• DHS Suitability (EOD)
• OSCP, OSCE, GPEN, GXPN, or equivalent required.

Preferred Qualifications

• Experience in military, Intelligence Community, or Law Enforcement is highly valued.

Who You Are

A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment. Intellectually curious with a genuine desire to learn and advance your career. An effective communicator, both verbally and in writing. Customer service-oriented and mission-focused. Critical thinker with excellent problem-solving skills

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.