Penetration Tester with Security Clearance

Who we are: ShorePoint is a fast–growing, industry recognized, and award–winning cybersecurity services firm with a focus on high–profile, high–threat, private and public–sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a "work hard, play hard" mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.

The Perks: As recognized members of the Cyber Elite, we work together in partnership to defend our nation's critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement, etc.

Who we're looking for: We are seeking a skilled Penetration Tester with experience conducting security assessments of web applications, mobile platforms, APIs, and client–side tools. The ideal candidate will have a strong background in penetration testing methodologies, proficiency in using industry–standard tools, and a proven ability to identify and remediate vulnerabilities. The Penetration Tester role involves working closely with clients and internal teams to enhance security posture and ensure compliance with federal standards. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast–growing company in the cybersecurity market.

1. Conduct security assessments of web applications, mobile applications, databases, client–side tools, and APIs.
2. Collaborate with team members and clients to define project scopes, develop business cases, review test results, and identify remediation steps.
3. Perform risk analysis and root cause analysis for security findings.
4. Use approved test protocols and procedures to perform network– and application–level penetration tests.
5. Generate comprehensive reports with detailed findings, exploitation procedures, and mitigation strategies.
6. Participate in client meetings, providing incremental progress updates, and addressing roadblocks or technical challenges.
7. Attend client meetings to document findings, record technical interviews, and create detailed reports and memoranda.
8. Execute script writing and payload crafting to simulate attacks and evaluate system security.

1. Strong knowledge of penetration testing methodologies and best practices for assessing system security.
2. Familiarity with security assessment tools and techniques used in identifying vulnerabilities across networks, applications, and cloud technologies.
3. General understanding of federal cybersecurity frameworks, compliance standards, and risk management principles.
4. Proficiency in analyzing and communicating complex security findings to both technical and non–technical stakeholders.

1. Demonstrated ability to apply critical thinking to develop undefined tasks into actionable processes and work streams.
2. Experience using scanning tools like Nessus and Nmap, as well as penetration tools like the Kali Linux suite, Burp Suite and Metasploit.
3. One or more of the following certifications: OSCP, OSWA, OSWE, CBBH, GWAPT or other relevant hands–on certification.
4. Knowledge of FISMA and NIST 800 series standards.
5. Ability to participate in cybersecurity control testing engagements for the customer's network, websites, applications, and cloud technologies.
6. Proven experience in web application penetration testing.
7. Experience in network mapping, vulnerability scanning, and penetration testing of web applications.
8. Experience using approved test protocols and procedures to conduct network and application–level penetration tests.
9. Experience attending client meetings, recording internal and technical client interviews and preserving the contents of reports and memoranda.
10. Experience in script writing and crafting of payloads.
11. Must be willing to travel as needed.
12. Must be able to obtain and maintain a Secret Clearance.

1. Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering or a related field.

Where it's done: Remote (Herndon, VA).