Penetration Tester, Senior
Listed on 2026-07-15
-
IT/Tech
Cybersecurity, IT Consultant
Required Clearance Level TS/SCI with Polygraph
Would you like to perform rewarding work while contributing to the success of an established, growing company? Navstar is an award-winning organization that has a proven track record of successfully providing IT services and solutions both as a prime and sub‑contractor on mission-focused IT programs. Our employees are integral players in support of mission‑critical programs focused on our National Security.
RoleDescription:
A Lead Penetration Tester is needed to join a high performing agile team using the Scaled Agile Framework (SAFe) methodology on a large, complex program that provides system engineering, development, test, integration and operational support. The selected individual will work on a team of cyber Subject Matter Experts (SMEs) who are providing support to a large, complex technical program for preventing, identifying, containing and eradicating cyber threats to networks through monitoring, intrusion detection, and protective security services on information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connections, public facing websites, security devices, servers and workstations.
She/he will be responsible for the overall security of Enterprise‑wide information systems, and will collect, investigate, and report any suspected and confirmed security violations.
- Perform internal and external pentests against systems to determine vulnerabilities and develop mitigation strategies.
- Perform vulnerability risk assessments.
- Perform physical pentests and social engineering analysis.
- Perform cyber incident response as needed.
- Evaluate the impact of new development on the operational security posture of IT systems.
- Evaluate, review, and test critical software.
- Formulate security compliance requirements for new system features.
- Identify and remediate security issues throughout the system.
- Audit and assess system security configuration settings using common methodologies and tools.
- Work with development teams to enrich team‑wide understanding of different types of vulnerabilities, attack vectors, and remediation approaches.
- Work closely with System Engineering, Test Engineering, and Integration teams to ensure hardware and software architecture and implementations meet strict security requirements.
- Propose, assess, coordinate, implement, and enforce information systems security policies, standards, and methodologies.
- Serve as a Subject Matter Expert in security architecture, to include providing advice to Program Managers, Customer technical experts, and internal program teams.
- To be eligible for this position you must hold an active TS/SCI clearance with Polygraph.
- Must have experience with penetration testing tools.
- Must have experience in web development and programming languages such as Java, XML, Perl and HTML.
- Must have extensive experience performing IT security risk assessments.
- Must have experience performing web app and physical pentests.
- Must have experience with or strong familiarity of the following Web Application tools;
Burp Suite, Web Inspect, App detective. - Must have experience with or strong familiarity of Kali.
- Must have experience with or strong familiarity of IPS/IDS solutions.
- Must have a strong understanding of the Cyber Kill Chain methodology.
- Must have experience applying Risk Management Framework.
- Must have experience with secure configurations of commonly used desktop and server operating systems.
- Must have the ability to effectively collaborate with technical staff and customers to form mitigation strategies and plan for continuous modernization and legacy integration.
- Must have experience managing multiple projects simultaneously and quickly and effectively adjusting to shifting priorities in resolving issues.
Qualifications:
- Bachelor's degree in a technical/information assurance field and at least 12 years of relevant experience.
- Certifications in one or more of the following areas strongly preferred:
- GIAC Web Applications Penetration Tester (GWAPT)
- Certified Ethical Hacker (CEH)
- Certified Information Security Manager (CISM)
- Ce…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).