Red Team Penetration Tester

Overview

Sim Ventions, consistently voted one Virginia's Best Places to Work, is looking for an experienced professional to join our team! As a Red Team Penetration Tester, you will be responsible for conducting penetration testing and conducting offensive cybersecurity operations for the U.S. Government and DoD systems. You will work collaboratively with Blue Team and Cybersecurity professionals to enhance overall cyber posture.

* Position is contingent upon award of contract, anticipated in August of 2026

Travel:
Negligible

An ACTIVE Top Secret Clearance with SCI Eligibility is required for this position. Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. US Citizenship is required to obtain a clearance.

Five (5) years' experience in software engineering applied to program development; modeling and simulation applied to DoD or Information Technology systems.

• Linux and Windows
• Strong working knowledge of common Penetration Testing (PENTEST) tools:
• Kali, Metasploit, NMAP, Cobalt Strike
• Penetration Testing (PENTEST)
• Red Team Operations
• Tool/Software Development (exploits/malware, C2, reverse engineering, bug bounties)
• Python, C, C Sharp, C+, Go, Perl, Powershell
• Web Dev/Web App Dev/Web Penetration testing
• NSX, vCenter, vRealize Suite, Horizon View (VDI) and others
• PAN-OS
• Fire Power, Nexus, IOS, ASA
• ONTAP, Snap Mirror
• Active-Directory
• Entra  (Azure AD), Active Directory, SSO, MFA, Azure application integration, Identity Federation.
• Automation using Powershell, Power Automate, Logic Apps, Graph API.
• Microsoft Entra  Microsoft 365 in a hybrid environment.
• Experience with Palo Alto, Cisco, VMWare, Net App and Microsoft products.
• Extending or integrating on premises AD with Entra .
• Managing identity and access in Microsoft Entra .
• Experience conducting Red Team operations in an MDE environment.
• Experience with AWS, Cloud Audit, Serverless and Microservice Architecture
• Experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services
• Experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (eg OAuth2, SAML, LDAP)
• PHP, ASP, SQL db's, Java, HTML, No SQL
• Minimum certification one of the following:
• Security+, CCNA Security, CySA+, GICSP, SSCP
• Minimum certification as penetration tester and possess one of the following certificates:
• Offensive Security Certs:
  Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Wireless Professional (OSWP)
• SANS Certs:
• SEC
  560 - Network Penetration testing and Ethical Hacking (GPEN Certification), SEC
  542 - Web App Penetration Testing and Ethical Hacking (GWAPT Certification), SEC
  660 - Advance Penetration Testing. Exploit Writing, and Ethical Hacking (GXPN Certification), SEC
  642 - Advanced Web App Penetration Testing and Ethical Hacking, SEC
  564 - Red Team Operations and Threat Emulation
• OSD Sponsored Cyber Operation Academy Course (COAC) graduates.
• Capture the Flag (CTF) participation (DEFCON, Over-The-Wire (OTW), Hack the Box, USS Secure CTF's)
• Security research resulting in a Common Vulnerabilities and Exposures (CVE)

• Debug and reverse engineer software.
• Analyze Windows Events and Linux syslog's, boot logs and dmesg logs.
• Program and debug Web 2.0, Java, Perl, Ada, C+, Tool Command Language (tcl/tk) scripts and graphical user interfaces (GUis) using Microsoft Visual tel and Rational Clear Case for software configuration management.
• Recommend software modifications to systems to mitigate known vulnerabilities.
  Operate and administrate computer systems running HP-UX, UNIX, Solaris, Linux and Microsoft Windows.
• Identify security flaws in compiled and human readable source code. Understand code utilizing Real Time VxWorks and Lynx OS operating systems, Common Object Resource Broker Architecture (CORBA), firewalls and networking protocols.
• Understand how to implement NSA approved encryption technologies and devices. Apply DISA Security Technical Implementation Guides (STIGs).
• Apply virtual hosting and server technology in system architectures. Understand and apply the concept of deceptive technology such as honey pots in system architectures.
• Participate in Code Reviews. Perform Static Source Code Analysis. Author recommendations for improving software and code design.
• Contribute to a System Security Administrator and Operators Manual (SSAOM)

High School Diploma or GED equivalent

Compensation at Sim Ventions is determined by a number of factors, including, but not limited to, the candidate's experience, education, training, security clearance, work location, skills, knowledge, and competencies, as well as alignment with our corporate compensation plan and contract specific requirements.

The projected annual compensation range for this position is $90,000-$150,000 (USD). This…