Senior Penetration Testing Lead

Job Description

Company: ECS

Location: Fairfax, US

Everforth ECS is seeking a Senior Penetration Testing Lead to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War’s (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Senior Penetration Testing Lead serves as the principal offensive security authority for WDP, planning and executing controlled adversarial assessments across NIPRNet, SIPRNet, and JWICS environments to validate control effectiveness, identify exploitable attack paths, and directly inform Risk Management Framework authorization decisions across WDP’s multi-enclave architecture.

This is a senior technical leadership role demanding deep expertise in adversary emulation, red team operations, and government authorization processes, with direct responsibility for protecting mission-critical AI and analytics capabilities supporting warfighter decision-making at the highest levels of DoW leadership.

• Leads offensive security operations supporting Department of War mission systems across unclassified and classified networks.
• Plans, coordinates, and executes controlled penetration testing engagements against network infrastructure, web applications, cloud environments, and mission systems to identify exploitable attack paths beyond automated scanning capabilities.
• Develops testing strategies, rules of engagement, and assessment methodologies aligned with DoW cybersecurity policy and authorization objectives.
• Conducts advanced adversary emulation activities including lateral movement analysis, privilege escalation, command-and-control simulation, and post-exploitation impact assessment while maintaining operational safety and system availability.
• Coordinates testing activities with system owners, ISSOs, network defenders, and security operations teams to deconflict operations and support rapid response if anomalous behavior is detected.
• Produces comprehensive penetration test reports detailing attack vectors, exploitation techniques, evidence artifacts, and prioritized remediation recommendations.
• Supports red team exercises validating detection, response, and recovery capabilities across defensive teams and security tooling.
• Performs remediation verification and retesting to confirm corrective actions effectively mitigate identified risks.
• Maintains testing documentation, evidence repositories, and executive summaries supporting Risk Management Framework activities, authorization decisions, and leadership briefings.
• Delivers actionable insights that strengthen defensive posture, validate control effectiveness, and reinforce program values of resilience, accountability, mission assurance, and proactive cyber defense.
• Performs other duties as assigned.

Required Skills

• Current Secret security clearance.
• 10-12 years of experience in penetration testing, offensive security, red team operations, or a closely related cybersecurity discipline, with demonstrated senior-level ownership of full-lifecycle penetration test engagements across complex federal, DoW, or enterprise network and cloud environments.
• IAM Level I certification from an approved credential, including CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Advanced offensive security certification such as Offensive Security Certified Professional (OSCP), Offensive Security Experienced Penetration Tester (OSEP), GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), or an equivalent credential demonstrating mastery of adversary emulation, exploitation techniques, and structured penetration testing methodology.
• Proven experience supporting DoW or federal Risk Management Framework processes, including preparation and maintenance of penetration testing plans, rules of engagement, Body-of-Evidence artifacts, and remediation findings packages in support of Authority to Operate decisions and continuous monitoring obligations under NIST 800-53.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Desired Skills

• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
• Experience conducting penetration testing and adversary emulation within DoW or federal classified multi-enclave environments, including applied familiarity with IL5, IL6, and JWICS network and cloud architecture constraints governing offensive security operations.
• Proficiency with industry-standard offensive security tooling such as Cobalt Strike, Metasploit Framework, Burp Suite Pro, BloodHound, or equivalent platforms, with demonstrated experience applying these tools within authorized government or enterprise red team engagements.
• Familiarity with Zero Trust Architecture validation and micro-segmentation testing, including experience assessing lateral movement controls, identity-based access enforcement, and supply chain risk management implementations aligned with DoW Zero Trust Strategy and Reference Architecture requirements.
• Experience contributing to or leading purple team exercises that integrate offensive findings with defensive operations, supporting detection engineering improvements, SOC use case refinement, and security tooling validation across enterprise SIEM and endpoint detection platforms.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We Value

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven

Source: LinkedIn