
BESHENICH MUIR & ASSOCIATES LLC • Virginia, United States
Role & seniority
Stack/tools
Penetration testing: NESSUS, Metasploit, CANVAS, Nmap, Burp Suite, Kismet
Platforms: Windows Server + IIS, major Linux distributions
Protocols/standards: TCP/IP, OWASP, PCI DSS testing
Scripting: Perl, Python, Ruby, Bash, Java
Other: wireless LAN security, security testing standards, reporting
Top 3 responsibilities
Independently perform application, network, and wireless penetration testing; identify security flaws and mitigate risks
Report cybersecurity risks, develop Final/Mitigation reports, and support engagement rules and scoping; coordinate testing with system owners
Support security program enhancements: incident response, hotwash events, briefings, and assessment-related documentation
Must-have skills
6+ years in vulnerability assessment and penetration testing
3+ years with testing tools (NESSUS, Metasploit, CANVAS, Nmap, Burp Suite, Kismet)
3+ years network vulnerability assessments; 3+ years writing penetration testing/assessment reports
2+ years Windows Server/IIS and Linux administration/troubleshooting
2+ years PCI DSS testing
Active Secret clearance; penetration testing certifications (LPT, CEPT, CEH, GPEN) or equivalent
Knowledge of TCP/IP, networking, OWASP; scripting and security testing
Nice-to-haves
DLA contract experience; PMP
Enterprise networks, APIs, AD familiarity
Web app concepts (session mgmt, business logic, input validation)
AI/LLM security c
Job Details
Level: Experienced
Job Location: REMOTE (United States) - Remote, VA 22211
Position Type: Full Time
Education Level: Bachelor's Degree
Travel Percentage: Occasionally
Job Shift: Day
Job Category: Professional Services

BMA is seeking a Senior Penetration Tester to support our Cybersecurity Assessment Program (CAP). This position is fully remote and contingent on contract award.

Job Summary
Key elements of this work consist of but are not limited to:
Independently performs penetration testing of applications, systems, and enclaves; identifies security flaws in computing platforms and applications and devises strategies and techniques to mitigate identified cybersecurity risks
Performs application, network, and wireless penetration testing and security assessments
Applies offensive cybersecurity testing techniques and coordinates testing projects with internal and external system owners
Reports on identified cybersecurity risks and recommends mitigation measures to improve the overall cybersecurity posture of the enterprise
Applies in-depth knowledge of network protocols, operating systems, web application security, reverse engineering, and scripting languages to identify and mitigate vulnerabilities before they can be exploited by threat actors
Continuously refines and improves cybersecurity defenses and incident response plans
Supports the development of Assessment Final Reports, Mitigation Effectiveness Reports, and Rules of Engagement
Supports daily hotwash events, briefings and presentations, and scoping meetings

Clearance Requirements
An active Secret security clearance is required at the time of proposal submission.

Required Skills & Certifications
6+ years of proven proficiency performing extensive vulnerability assessments and penetration testing
3+ years of experience using testing tools including NESSUS, Metasploit, CANVAS, Nmap, Burp Suite, and Kismet
3+ years of experience performing network vulnerability assessments and applying penetration testing methodologies
3+ years of experience writing penetration testing and assessment reports
2+ years of experience administering, using, and troubleshooting Windows Server and IIS
2+ years of experience administering, using, and troubleshooting a major Linux distribution
2+ years of experience performing PCI DSS testing
Possession of one or more penetration testing certifications such as Licensed Penetration Tester (LPT), Certified Expert Penetration Tester (CEPT), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN)
Knowledge of TCP/IP protocols and networking architectures
Knowledge of open security testing standards and projects, including OWASP
Knowledge of database, application, and web server design and implementation
Experience scripting in Perl, Python, Ruby, Bash, or Java
Experience with wireless LAN security testing
Excellent oral communication, written documentation, and presentation skills

Desired Skills & Certifications
Experience supporting DLA contracts
Bachelor's degree in a relevant technical field
Project Management Professional (PMP) certification
Familiarity with enterprise networks and systems, including servers, databases, APIs, and Active Directory
Familiarity with web application concepts such as session management, business logic, and input validation
Familiarity with AI and large language model (LLM) security concerns, including data poisoning and prompt injection exploitation
Familiarity with operational technology (OT) environments, including SCADA system security and PLC security
Familiarity with wireless networks, including Bluetooth security and wireless intrusion detection and prevention systems (WIDS/WIPS)
Familiarity with DevSecOps pipelines, including SAST, DAST, and SCA implementation and automated security testing
Familiarity with hybrid environments, including the interconnectivity and security of on-premises and cloud-based systems

Other Duties
This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Overview
BMA is an employee-owned small business headquartered in Huntsville, AL that provides superior customer service by empowering all levels of our staff to make timely decisions to produce high-quality results. BMA fosters an environment of passion, precision, and dedication in order to fulfill our commitments to our partners, government, and country.

Benefits
We believe that our employees' well-being is paramount to our success, so our benefits package has been crafted with that in mind. We offer multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, short- and long-term disability all available to them. BMA proudly maintains a 401(k) plan with an industry leading 6% match that can include profit sharing based on company performance. Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements.

AAP & EEO Statement
Beshenich Muir & Associates, LLC (BMA) is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable Federal, State, or Local Law.