Senior Penetration Tester

George Consulting is seeking a Senior Penetration Tester that will lead advanced offensive security assessments in support of Department of Defense (DoD) cybersecurity missions. The role involves planning and executing penetration tests, identifying and exploiting complex vulnerabilities, providing strategic recommendations, and supporting RMF authorization activities. The ideal candidate is a technical leader with extensive hands-on testing experience and a strong understanding of DoD cybersecurity frameworks, tools, and compliance requirements.

• Lead and execute penetration testing engagements on DoD networks, systems, applications, and cloud environments.
• Identify, exploit, and validate vulnerabilities using manual and automated techniques.
• Develop and present proof-of-concept exploits demonstrating operational and mission impact.
• Produce detailed technical reports and executive briefings outlining findings and remediation recommendations.
• Support RMF and eMASS documentation, providing risk analysis and testing evidence.
• Advise system owners and cybersecurity teams on remediation strategies and defensive improvements.
• Mentor junior testers and contribute to red team methodology development.
• Stay current on adversary TTPs, emerging threats, and DoD cybersecurity standards.
• Work independently with limited direction and be self-motivated.
• Work with other contractor teammates and customers daily.
• Work closely with customers to ensure deliverables meet their expectations and arrive in a timely manner.
• Attend and actively participate in team meetings.

• Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
• 5+ years of penetration testing or offensive security experience, including leading engagements.
• Current DoD 8570.01-M IAT Level III or CSSP Analyst/Tester certification (e.g., CASP+, CISSP, CEH, OSCP, GPEN, GXPN).
• Advanced proficiency with tools such as Kali Linux, Metasploit, Burp Suite, BloodHound, Cobalt Strike, Nmap, and Nessus.
• Strong knowledge of Windows/Linux systems, Active Directory, network protocols, and cloud/virtualized environments.
• Experience with DISA STIGs, HBSS/ACAS, and DoD cyber ranges.
• Familiarity with Zero Trust architectures and DoD cybersecurity reference models.
• Scripting or development skills in Python, PowerShell, or Bash.
• Experience with exploit development, reverse engineering, or ICSC/SCADA testing.
• Prior support to major DoD program offices (e.g., NIWC, NAVAIR, PMA).
• Experience mentoring or managing technical teams.
• Excellent written and verbal communication skills, including briefing senior leadership.

• Mid-Senior level

• Full-time

• Government Relations Services