Red Team Penetration Tester

Red Team Penetration Tester
** at Sim Ventions, Inc - Glassdoor ✪ 4.6 summary:

The Red Team Penetration Tester at Sim Ventions conducts offensive cybersecurity operations and penetration testing primarily for U.S. Government and DoD systems, requiring active Top Secret clearance and extensive experience with penetration testing tools and programming languages. The role involves collaboration with cybersecurity teams to improve security posture, reverse engineering, vulnerability analysis, and software debugging across multiple operating systems and network environments.

Candidates must hold relevant certifications and have strong skills in cloud security, automation, and identity management in hybrid environments.

Sim Ventions, consistently voted one Virginia's Best Places to Work, is looking for an experienced professional to join our team! As a Red Team Penetration Tester, you will be responsible for conducting penetration testing and conducting offensive cybersecurity operations for the U.S. Government and DoD systems. You will work collaboratively with Blue Team and Cybersecurity professionals to enhance overall cyber posture.

** Position is contingent upon award of contract, anticipated in August of 2026. **

An ACTIVE Top Secret Clearance with SCI Eligibility is required for this position. Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. US Citizenship is required to obtain a clearance.

Five (5) years' experience in software engineering applied to program development; modeling and simulation applied to DoD or Information Technology systems.

• Linux and Windows
• Strong working knowledge of common Penetration Testing (PENTEST) tools:
• Kali, Metasploit, NMAP, Cobalt Strike
• Penetration Testing (PENTEST)
• Red Team Operations
• Tool/Software Development (exploits/malware, C2, reverse engineering, bug bounties)
• Python, C, C Sharp, C++, Go, Perl, Powershell
• Web Dev/Web App Dev/Web Penetration testing
• NSX, vCenter, vRealize Suite, Horizon View (VDI) and others
• PAN-OS
• Fire Power, Nexus, IOS, ASA
• ONTAP, Snap Mirror
• Active-Directory
• Entra  (Azure AD), Active Directory, SSO, MFA, Azure application integration, Identity Federation.
• Automation using Powershell, Power Automate, Logic Apps, Graph API.
• Microsoft Entra  Microsoft 365 in a hybrid environment.
• Experience with Palo Alto, Cisco, VMWare, Net App and Microsoft products.
• Extending or integrating on premises AD with Entra .
• Managing identity and access in Microsoft Entra .
• Experience conducting Red Team operations in an MDE environment.
• Experience with AWS, Cloud Audit, Serverless and Microservice Architecture
• Experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services
• Experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g. OAuth2, SAML, LDAP)
• PHP, ASP, SQL db's, Java, HTML, No SQL
• Minimum certification one of the following:
• Security+, CCNA Security, CySA+, GICSP, SSCP
• Minimum certification as penetration tester and possess one of the following certificates:
  • Offensive Security Certs:
    Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Wireless Professional (OSWP)
• SANS Certs:
  • SEC
    560 - Network Penetration testing and Ethical Hacking (GPEN Certification), SEC
    542 - Web App Penetration Testing and Ethical Hacking (GWAPT Certification), SEC
    660 - Advance Penetration Testing. Exploit Writing, and Ethical Hacking (GXPN Certification), SEC
    642 - Advanced Web App Penetration Testing and Ethical Hacking, SEC
    564 - Red Team Operations and Threat Emulation
• OSD Sponsored Cyber Operation Academy Course (COAC) graduates.
• Capture the Flag (CTF) participation (DEFCON, Over-The-Wire (OTW), Hack the Box, USS Secure CTF's)
• Security research resulting in a Common Vulnerabilities and Exposures (CVE)

• Debug and reverse engineer software.
• Analyze Windows Events and Linux syslog's, boot logs and dmesg logs.
• Program and debug Web 2.0, Java, Perl, Ada, C++, Tool Command Language (tcl/tk) scripts and graphical user interfaces (GUis) using Microsoft Visual tel and Rational Clear Case for software configuration management.
• Program and debug Web 2.0, Java, Perl, Ada, C++, Tool Command Language (tcl/tk) scripts and graphical user interfaces (GUis) using Microsoft Visual tel and Rational Clear Case for software configuration management.
• Recommend software modifications to systems to mitigate known vulnerabilities.
  Operate and administrate computer systems running HP-UX, UNIX, Solaris, Linux and Microsoft Windows.
• Identify security flaws in compiled and human readable source code. Understand code utilizing real-time VxWorks and Lynx OS operating systems, Common Object Resource Broker Architecture (CORBA), firewalls and networking protocols.
• Understand how to implement NSA…