Penetration Tester - Lead - cFocus Software Incorporated - Washington, DC
cFocus Software Incorporated
Penetration Tester – Lead Position: Penetration Tester - Lead
Program: SBA Enterprise Cybersecurity Services (ECS)Position SummaryThe Penetration Tester – Lead supports the Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program by leading advanced penetration testing, vulnerability assessment, adversarial simulation, and security validation activities supporting enterprise cybersecurity operations.
The Penetration Tester – Lead performs expert-level offensive cybersecurity activities including network penetration testing, web application assessments, cloud security testing, wireless testing, red team operations, social engineering support, exploit validation, security control effectiveness testing, and advanced vulnerability analysis. The position provides technical leadership, testing strategy development, remediation validation, and risk-based recommendations to improve SBA’s cybersecurity posture and enterprise resilience.Essential Duties and ResponsibilitiesLead enterprise penetration testing and vulnerability assessment activities supporting SBA ECS cybersecurity initiatives.Support Task Areas 3.5.4 and 3.5.4.7 by conducting advanced offensive security testing against enterprise systems, applications, cloud environments, networks, and security architectures.Plan, coordinate, and execute internal and external penetration testing engagements in accordance with federal cybersecurity standards and approved Rules of Engagement (ROE).Conduct application security testing against web applications, APIs, mobile applications, and cloud-hosted systems.Perform network penetration testing, exploitation, lateral movement analysis, privilege escalation testing, and post-exploitation activities.Execute adversarial emulation and red team exercises to evaluate security controls, monitoring capabilities, and incident response effectiveness.Conduct vulnerability validation, exploit research, attack-path analysis, and risk prioritization activities.Ass