Lead Penetration Tester TS​/SCI Polygraph

Lead Penetration Tester

Leidos is hiring a Lead Penetration Tester in its National Security Sector's Cyber & Analytics Business Area. This role is part of a high-performing agile team working on a large, complex program that requires securing enterprise-wide information systems.

The selected candidate will perform internal and external penetration tests, web application tests, vulnerability risk assessments, physical pentests and social engineering analysis, as well as cyber incident response and security compliance oversight for LAN/WAN, internet connections, public-facing websites, security devices, servers and workstations. They will evaluate impacts of new development on operational security posture, audit system security settings, and work with development and engineering teams to ensure hardware and software meet strict security requirements.

• Perform internal and external penetration tests to determine vulnerabilities and develop mitigation strategies.
• Perform web application penetration tests.
• Perform vulnerability risk assessments.
• Conduct physical penetration tests and social engineering analysis.
• Provide cyber incident response support as needed.
• Evaluate the impact of new development on the operational security posture of IT systems.
• Review and test critical software for security.
• Formulate security compliance requirements for new system features.
• Identify and remediate security issues throughout the system.
• Audit and assess system security configuration settings using common methodologies and tools.
• Work with development teams to enhance understanding of vulnerabilities, attack vectors, and remediation approaches.
• Collaborate with System Engineering, Test Engineering, and Integration teams to ensure architecture and implementations meet strict security requirements.
• Propose, assess, coordinate, implement, and enforce information systems security policies, standards, and methodologies.
• Serve as a subject‑matter expert in security architecture, providing advice to program managers, customer technical experts, and internal program teams.

• Bachelor's degree in a technical or information assurance field and at least 12 years of relevant experience (additional experience with certifications may substitute for a degree).
• Experience with penetration testing tools.
• Experience with web development and programming languages such as Java, XML, Perl, and HTML.
• Programming/scripting experience in Python, Power Shell, C, JavaScript, or similar.
• Extensive experience performing IT security risk assessments.
• Experience performing web application and physical penetration tests.
• Strong familiarity with Burp Suite, Web Inspect, App detective, Kali, and IPS/IDS solutions.
• Strong understanding of the Cyber Kill Chain methodology.
• Experience applying the Risk Management Framework.
• Experience securing desktop and server operating systems.
• Ability to collaborate with technical staff and customers to develop mitigation strategies and modernization plans.
• Experience managing multiple projects simultaneously and adapting to shifting priorities.

• Certifications in one or more of the following areas: GIAC Web Applications Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Certified Web Application Defender (GWEB), Certified Information Systems Security Professional (CISSP).
• Extensive experience developing & implementing integrated security services management processes, such as assessing and auditing network penetration testing, antivirus planning assistance, risk analysis, and incident response.
• Extensive experience providing information assurance support for application development, including security certifications and evaluations for firewalls and related system design and implementation.

• Competitive compensation.
• Paid time off and 11 paid holidays.
• 401(k) with a 6% company match and immediate vesting.
• Flexible schedules.
• Discounted stock purchase plans.
• Technical upskilling and education support.
• Parental paid leave.

Leidos is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, disability, pregnancy, family status, gender identity, or any other basis prohibited by law.