Senior Systems Security Specialist in Baltimore, MD

Minimum Qualifications - A Minimum eight (8) years of progressive experience in cybersecurity

- A minimum of five (5) years performing penetration testing or red team engagements.

- A minimum of five (5) years conducting network penetration testing, web application and API testing, internal and external vulnerability assessments and threat modeling and attack path analysis

- A minimum of five (5) years developing and delivering formal penetration test reports, including executive summaries and technical remediation guidance.

- A minimum of five (5) years supporting incident response investigations and validation testing.

- A minimum of five (5) years with common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Nessus, etc.).

- Strong knowledge of Secure coding practices, Application security testing (SAST/DAST concepts), Network architecture and segmentation and Identity and access management concepts

- A minimum of five (5) years of demonstrated scripting or development ability in at least one language (e.g., Python, C/C++, PowerShell, Bash).

- A minimum of five (5) years of working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK and OWASP Top 10

- A minimum of five (5) years of experience mapping findings to security control frameworks.

- At least one recognized offensive security certification (e.g., OSCP, GPEN, GXPN, CEH, or major experience can substitute for certification).

- Demonstrated ability to communicate technical findings to executive and non-technical audiences, and provide actionable remediation recommendations.

- Demonstrated experience working in government or highly regulated environments.

Preferred Qualifications: - A Minimum ten (10) years of progressive experience in cybersecurity

- A minimum of eight (8) years of experience in Advanced Offensive Security:

- Experience leading red team engagements.

- Experience performing adversary emulation exercises.

- Experience conducting phishing and social engineering simulations.

- Experience performing purple team exercises.

- A minimum of five (5) years of experience in Zero Trust & Architecture:

- Experience designing or assessing Zero Trust implementations.

- Experience evaluating micro-segmentation strategies and identity-centric controls.

- A minimum of five (5) years of experience in Cloud & Modern Infrastructure:

- Experience performing security assessments in AWS or Azure environments, Containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments

- Experience testing CI/CD pipelines.

- A minimum of ten (10) years of experience in Software Development Depth:

- Strong low-level development knowledge (kernel, assembly, embedded systems) that supports advanced exploit analysis.

- Experience reviewing source code in JAVA or other compiled languages for vulnerabilities.

- A minimum of ten (10) years of experience in Government in the following:

- Experience supporting federal or state government security programs.

- Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments.