Red Team Penetration Tester; Top Secret SCI Clearance Required​/ago

Red Team Penetration Tester (Top Secret SCI Clearance Required)

Sim Ventions, consistently recognized as one of Virginia's Best Places to Work, seeks an experienced professional to join our team as a Red Team Penetration Tester. This role focuses on conducting penetration testing and offensive cybersecurity operations targeting U.S. Government and DoD systems. You will collaborate closely with Blue Team and Cybersecurity professionals to significantly enhance overall cyber posture.

Note: This position is contingent upon contract award, anticipated in August 2026.

An ACTIVE Top Secret Clearance with SCI Eligibility is required. Applicants must be U.S. Citizens and will be subject to a security investigation.

Travel:
Negligible

• Conduct offensive cybersecurity operations and penetration testing (PENTEST).
• Debug and reverse engineer software.
• Analyze system logs, including Windows Events, Linux syslog's, boot logs, and dmesg logs.
• Program and debug Web 2.0, Java, Perl, Ada, C++, and Tool Command Language (tcl/tk) scripts and GUIs using Microsoft Visual tel and Rational Clear Case for software configuration management.
• Recommend software modifications to systems to mitigate known vulnerabilities.
• Operate and administrate computer systems running HP-UX, UNIX, Solaris, Linux, and Microsoft Windows.
• Identify security flaws in compiled and human readable source code.
• Understand and utilize code for real-time VxWorks and Lynx OS operating systems, Common Object Resource Broker Architecture (CORBA), firewalls, and networking protocols.
• Implement NSA approved encryption technologies and devices, and apply DISA Security Technical Implementation Guides (STIGs).
• Apply virtual hosting, server technology, and deceptive technology (e.g., honey pots) in system architectures.
• Participate in Code Reviews and perform Static Source Code Analysis.
• Author recommendations for improving software and code design.
• Contribute to a System Security Administrator and Operators Manual (SSAOM).

• Five (5) years of experience in software engineering applied to program development, or modeling and simulation applied to DoD or Information Technology systems.
• Proficiency in Linux and Windows operating systems.
• Strong working knowledge of common Penetration Testing (PENTEST) tools:
  Kali, Metasploit, NMAP, Cobalt Strike.
• Expertise in Red Team Operations.
• Experience in Tool/Software Development (exploits/malware, C2, reverse engineering, bug bounties).
• Programming languages:
  Python, C, C Sharp, C++, Go, Perl, Powershell.
• Experience with Web Dev/Web App Dev/Web Penetration testing.
• Familiarity with virtualization and networking technologies: NSX, vCenter, vRealize Suite, Horizon View (VDI), PAN-OS, Fire Power, Nexus, IOS, ASA, ONTAP, Snap Mirror.
• Expertise in Identity and Access Management:
  Active-Directory, Entra  (Azure AD), SSO, MFA, Azure application integration, Identity Federation.
• Automation skills using Powershell, Power Automate, Logic Apps, Graph API.
• Experience managing Microsoft Entra  Microsoft 365 in a hybrid environment.
• Experience with Palo Alto, Cisco, VMWare, Net App, and Microsoft products.
• Experience extending or integrating on premises AD with Entra , and managing identity and access in Microsoft Entra .
• Experience conducting Red Team operations in an MDE environment.
• Cloud experience: AWS, Cloud Audit, Serverless and Microservice Architecture.
• Experience working with AWS services (EC2, S3, KMS, RDS) and relevant security best practices.
• Experience with Web Services penetration testing (RESTful and SOAP) and Web Authentication protocols (e.g. OAuth2, SAML, LDAP).
• Database and scripting knowledge: PHP, ASP, SQL db's, Java, HTML, No SQL.

Minimum certification one of the following:

• Security+, CCNA Security, CySA+, GICSP, SSCP

Minimum certification as a penetration tester and possess one of the following certificates:

• Offensive Security Certs: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Wireless Professional (OSWP)
• SANS Certs: SEC
  560 - Network Penetration testing and Ethical Hacking (GPEN Certification), SEC
  542 - Web App Penetration Testing and Ethical Hacking (GWAPT Certification), SEC
  660 - Advance Penetration Testing. Exploit Writing, and Ethical Hacking (GXPN Certification), SEC
  642 - Advanced Web App Penetration Testing and Ethical Hacking, SEC
  564 - Red Team Operations and Threat Emulation
• OSD Sponsored Cyber Operation Academy Course (COAC) graduates.
• Capture the Flag (CTF) participation (DEFCON, Over-The-Wire (OTW), Hack the Box, USS Secure CTF's).
• Security research resulting in a Common Vulnerabilities and Exposures (CVE).

High School Diploma or GED equivalent

The projected annual compensation range for this position is $90,000-$150,000 (USD). Compensation is determined by factors including experience, education, training, security clearance,…