Hiring - Penetration Testing Lead

Hi

Greetings from BizTech Fusion!

BizTechFusion, LLC (BTF) is executing a full-scope cybersecurity penetration testing engagement for our clients. The internal network spans a /16 network across 40,000+ devices at 50+ locations and administrative facilities. External scope is a /24 network with 1 domain. Engagement is black-box external / grey-box internal hybrid, with full exploitation authorized including privilege escalation, lateral movement, and data access. This is an aggressive, enterprise-grade engagement not a compliance scan.

Position Title: Penetration Testing Lead

Location: Remote (US Region, Eastern Time)

Duration: 12 Month Contract with possible renewal

Tax: W2, 1099

Note: US-based personnel mandatory

Job Description

Responsibilities

- Lead all phases of internal and external network penetration testing

- Conduct black-box external assessment against the /24 network and 1 domain

- Execute grey-box internal assessment across the /16 network (~40,000 devices)

- Perform wireless penetration testing across 6 SSIDs at ~50 sites, including 4 on-site visits

- Evaluate the Fortinet firewall configuration and rule set

- Execute full exploitation chain: reconnaissance, initial access, privilege escalation, lateral movement, data exfiltration simulation

- Follow written Rules of Engagement approved by NNPS Executive Director of Technology before testing begins

- Produce technical findings report with CVSS-scored vulnerabilities, exploitation evidence (screenshots, tool output), and prioritized remediation guidance

- Participate in debrief session with NNPS IT leadership

- Provide post-delivery consultation for remediation questions during the 30-day follow-on window

Required Qualifications

- OSCP (Offensive Security Certified Professional) strongly preferred; CEH or GPEN acceptable

- Minimum 5 years of hands-on penetration testing experience

- Demonstrated experience with large internal network engagements (10,000+ devices)

- Proficiency with: Metasploit, Cobalt Strike or equivalent C2 framework, BloodHound/SharpHound, Nmap, Nessus or OpenVAS, Responder, Impacket

- Wireless pen testing experience (WPA2-Enterprise, captive portal bypass, evil twin attacks)

- Experience writing professional technical findings reports suitable for both executive and technical audiences

- US-based; must be able to travel to Newport News, VA for on-site wireless testing visits

Preferred Qualifications

- Experience testing K-12 or public sector networks

- GPEN, GXPN, or OSEP certification

- Familiarity with NIST SP 800-53 Rev 5 reporting framework

- Experience with Active Directory attack paths in large domain environments