Who we are:
ShorePoint is a fast-growing, industry-recognized, and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a "work hard, play hard" mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.

The Perks:
As recognized members of the Cyber Elite, we work together in partnership to defend our nation's critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to individual technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement, etc.

Who we're looking for:
We are seeking a Senior Penetration Tester with a strong background in conducting comprehensive security assessments of agency systems, applications, and networks. The ideal candidate will have expertise in penetration testing methodologies, vulnerability exploitation, and threat modeling, with the ability to develop penetration testing documentation, including SOPs, test plans, and reports. The Sr. Penetration Tester role requires a proactive professional who can collaborate with system administrators, developers, and security teams to identify, analyze, and remediate security weaknesses. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market.

What you'll be doing:
Developing Penetration SOPs, Test Plans, Pen Testing Reports.
Conducting comprehensive penetration tests on agency systems, applications, and networks to identify vulnerabilities and assess security posture.
Developing or modifying tools that automate discovery or exploitation (e.g., bash, Python, JavaScript and PowerShell).
Developing and executing comprehensive test plans, including threat modeling, exploitation, and post-exploitation analysis.
Delivering detailed reports outlining security risks, vulnerabilities, and recommended mitigation actions to stakeholders.
Collaborating with system administrators, developers, and security teams to remediate identified security weaknesses.
Effectively communicating technical findings, risks, and recommendations to both technical and non-technical stakeholders. The ability to convey complex security issues in an understandable and actionable manner is critical for driving remediation efforts and strengthening the organization's security posture.
Working with customers to define the scope, objectives, and rules of engagement for penetration tests.
Clarifying testing methodologies, timelines, and expected outcomes to ensure alignment with customer expectations.
Providing ongoing updates during engagements to keep customers informed of progress.
Delivering detailed reports outlining identified vulnerabilities, exploitation methods, and risk assessments.
Developing executive summaries for leadership, translating technical risks into business impact.
Presenting prioritized remediation strategies based on the severity and exploitability of findings.
Conducting debrief meetings to walk through findings, answer questions, and provide guidance on mitigation efforts.

What you need to know:
Experience providing Incident Response capabilities.
Ability to research new trends, techniques, and packaging of malicious software to stay current and ready to identify and handle zero-day exploits.
Demonstrated success and understanding of accepted frameworks such as ISO/IEC 27001, COBIT, and NIST, including 800-53.
Experience compiling and maintaining internal standard operating procedure (SOP) documentation.
Experience working with host identification and exploitation of vulnerabilities.
Knowledge of phishing procedures.
Knowledge of script writing and crafting of payloads.
Knowledge of database operations and system/network administration.
Experience briefing findings to stakeholders and recommending remediations.

Must-haves:
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering or a related field from an accredited college or university.
Minimum of 5 years of experience conducting penetration testing.
Experience with penetration testing tools such as Metasploit, Nmap and Burp Suite.
Experience conducting penetration tests of mainframes, cloud systems, mobile, Software-as-a-Service and APIs.
Demonstrated experience writing and reviewing technical and non-technical.
Ability to quickly grasp complex technical concepts and make them easily understandable in text and pictures.
Excellent verbal and written skills.
Strong working knowledge of Microsoft Office.
Requires U.S. citizenship in compliance with federal contract requirements.

Beneficial to have the following:
Relevant industry certification.

Where it's done:
Remote (Herndon, VA).
Date Posted: 04 April 2025