Responsibilities for this job include: Lead and oversee all of SecureIT s stand-alone penetration testing projects, as well as pen testing activities in support of FedRAMP or other security audit/assessment projects Leverage automated scanning, assessment, and exploit tools and (especially) perform focused manual testing procedures to identify and exploit vulnerabilities at all layers of the stack Lead communications, including via formal reports and presentations, with client technical staff and management Maintain SecureIT s penetration testing methodologies and toolsets, as well as develop technical assessment tools (eg, scripts to pull security config data from AWS APIs) Participate in business development (including proposals) and growth of SecureIT s penetration testing services Requirements include: Wide-ranging technical security knowledge across all layers of the stack, across various platforms, and across a variety of vendor products Expertise with standard tools (like nmap, Nessus, BurpSuite, Metasploit) and advanced testing tools (like Cobalt Strike), as well as broad familiarity with open source security projects and tools that can be leverage during testing Demonstrable expertise in manual testing and surfacing vulnerabilities and deficiencies that automated tools often miss Ability to effectively communicate technical security matters, including clearly elaborating on technical details for technical audiences and properly summarizing for non-technical management/business audiences Minimum 5+ years total pen testing experience, with at least 3 years in a lead pen tester role At least one hands-on certification related directly to penetration testing (such as SANS GIAC Penetration Tester (GPEN) or OWASP Penetration Tester) and at least one other industry standard cybersecurity certification