Senior Penetration Testing Analyst

Overview

This Department of War enterprise data and analytics program delivers mission-critical capabilities that enable leaders across the Department to make faster, better-informed decisions using trusted data dos Digital Modernization sector is seeking an experienced Senior Penetration Testing Analyst Lead to support the delivery, enhancement, and adoption of enterprise data and analytics products used across multiple DoD organizations. In this role, you will work alongside government partners, engineers, and other industry teammates to translate operational and strategic requirements into scalable, production-ready solutions.

You will contribute directly to product planning, execution, and continuous improvement‑helping ensure capabilities are delivered efficiently, aligned to mission priorities, and positioned for sustained success.

• Conduct penetration testing and vulnerability assessments across applications, infrastructure, and cloud environments.
• Support planning and execution of penetration testing events in coordination with Government and authorized testing organizations.
• Identify, analyze, and document vulnerabilities, misconfigurations, and security weaknesses.
• Develop detailed findings, including risk assessments and recommended remediation actions.
• Support validation of remediation efforts and closure of identified vulnerabilities.
• Assist in integrating penetration testing findings into RMF processes, including updates to SSPs, POA&Ms, and BOE artifacts.
• Support continuous monitoring activities by identifying recurring vulnerabilities and systemic risks.
• Utilize security tools (e.g., Nessus, Nmap, Burp Suite, Metasploit, or similar) to conduct testing and analysis.
• Collaborate with cybersecurity engineers, Dev Sec Ops  teams, system engineers, and ISSOs to improve system security.
• Contribute to cybersecurity reporting, dashboards, and documentation for Government stakeholders.
• Support audit and inspection activities by providing penetration testing results and supporting documentation.
• Participate in SAFe ceremonies including PI Planning, backlog refinement, sprint reviews, and retrospectives.

• Active Top Secret (TS) clearance with SCI eligibility.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Assurance, Engineering, or related technical discipline or equivalent training/experience aligned to DoD 8140 pathways.
• At least one of the following foundational qualification pathways consistent with DoD 8140 requirements:
  • Current DoD 8570/8140 baseline certification appropriate for Intermediate Cyber Defense Analyst roles (e.g.,
    CySA+, GCDA, GCIH, or equivalent
    ).
  • Offerings listed in the DoD 8140 Training Repository.
  • Demonstrated equivalent training and experience qualifying under DoD 8140 foundational qualification alternatives.
• 8-12 years of relevant experience in cybersecurity, penetration testing, or vulnerability assessment.
• Minimum of 5 years of experience in penetration testing or related cybersecurity roles.
• At least 2 years of experience in one or more of the following:
  • Incident detection and response
  • Malware analysis
  • Cyber forensics
• Proficiency with at least three of the following tools:
  • Kali Linux
  • Metasploit
  • Burp Suite
  • Cobalt Strike
  • Tenable Nessus
  • Web Inspect
  • Scuba
  • App Detective
• Proven experience in planning, coordinating, and conducting penetration tests.
• Strong understanding of penetration testing tools, techniques, and methodologies.
• Experience working with DoD or Government penetration testing organizations.
• Ability to interpret and communicate penetration test results to technical and non-technical stakeholders.
• Experience in scheduling and managing remediation actions based on penetration test findings.
• Excellent communication and interpersonal skills.

• Active TS/SCI clearance.
• Advanced certifications such as OSCP, CEH, CISSP, or similar.
• Experience with the System or similar DoD data, analytics, and AI platforms.
• Familiarity with DoD cybersecurity policies, standards, and guidelines.
• Experience in a systems engineering or software development environment.
• Knowledge of cloud-based data, analytics, and AI capabilities.
• Strong problem-solving and analytical skills.
• Experience in a customer-facing role, with a focus on customer success and outreach.

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.