We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Emagine IT jobs

SENIOR PENETRATION TESTER (Remote)

Emagine IT
United States, Maryland, North Bethesda
Nov 05, 2025

Emagine IT has an immediate need for a Sr. Penetration Tester to join our team in support of our Commercial Services Team located remote.

In this role, you will facilitate Penetration Tests, Threat Hunting exercises and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments. To succeed in this position, you will need a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. You will work in a team atmosphere with an experienced Sr. Consultant Project Lead, and you will be assigned technical sections and provide client-ready deliverables.

In this role, you will:

* Execute testing procedures in accordance with NIST SP 800-53A and industry testing standards like OWASP, MITRE, etc.

* Test for vulnerabilities, validate exploitable vulnerabilities within network, cloud, web and mobile environments

* Perform Social Engineering campaigns, including email phishing, spear phishing, phone pre-text calling - Including but not limited to creation of landing pages, creation of embedded executable payloads

* Develop Rules of Engagement, Penetration Test Plans, Penetration Testing report, Power Point presentations for kick-off and closing of client engagements

* Author recommendations based on findings to improve security postures compliant with NIST controls

* Penetration Testing/Threat Hunting (75%); Advisory/Consulting (%25)

* Experience using:

* Kali Linux

* Cobalt Strike

* Social Engineering Toolkit

* Burp Suite

* Nessus

* Metasploit Framework.

* Experience using the MITRE ATT&CK Framework

* Good understanding of coding (Python, Ruby, etc.)

* Understanding of SQL commands and testing

* Expected Travel less than 25%

Essential Functions / Duties & Responsibilities

1. Develop Testing Guides Based on Methodologies (MITRE, OWASP, etc.)

* Creation of Comprehensive Testing Frameworks: Develop detailed penetration testing guides and frameworks that align with industry standards such as MITRE ATT&CK, OWASP Top Ten, NIST, and others. These guides serve as a foundation for the team, providing step-by-step methodologies for various types of tests, such as web application, network, mobile, wireless, and social engineering assessments.

* Incorporation of Advanced Techniques: Regularly update these guides to incorporate the latest attack techniques and defensive strategies. This includes adapting to emerging threats and ensuring the guides remain relevant in the rapidly evolving cybersecurity landscape.

* Customization for Client Environments: Tailor these methodologies to meet specific client environments and industry requirements, ensuring that the testing approach is both comprehensive and contextually appropriate.

2. Develop Team Trainings Based on Test Guides and Engagement Debriefs

* Training Program Development: Design and implement training programs for the penetration testing team, leveraging the developed test guides. This includes foundational training for new hires and advanced sessions for experienced testers, covering both the theoretical and practical aspects of penetration testing.

* Debrief and Knowledge Sharing: Conduct debrief sessions following each engagement to discuss unique or novel findings. These sessions aim to share lessons learned, explore new vulnerabilities or attack techniques encountered, and foster a culture of continuous learning within the team.

* Simulation and Hands-On Training: Organize practical, hands-on workshops and simulations to provide team members with real-world experience in using new tools and methodologies. Encourage a red teaming mindset to challenge the status quo and think like adversaries.

3. Take on QA Responsibilities for Reports or Rules of Engagement (ROEs)

* Quality Assurance for Reports: Perform thorough quality assurance (QA) reviews of penetration testing reports to ensure accuracy, clarity, and completeness. This includes verifying that findings are well-documented, evidence is clearly presented, and recommendations are actionable and relevant.

* Consistency and Compliance: Ensure that all reports adhere to internal and external compliance requirements and follow a standardized format. This includes checking that language is professional, findings are ranked by risk severity, and there are no spelling or grammatical errors.

* Rules of Engagement (ROE) Review: Review and refine Rules of Engagement (ROE) documents to ensure they are clear, comprehensive, and aligned with client expectations and legal considerations. This involves outlining the scope, limitations, and specific rules under which testing will occur, and mitigating any potential risks.

4. More Active Role in Blog Posting and Research

* Thought Leadership and Content Creation: Take a proactive role in writing blog posts and research papers that contribute to the broader cybersecurity community. This includes sharing insights from recent engagements, discussing novel attack vectors, and exploring new defensive measures.

* Research and Development (R&D): Lead or participate in research initiatives to explore emerging threats, new vulnerabilities, and advanced attack techniques. Collaborate with other industry experts and organizations to exchange knowledge and stay at the forefront of cybersecurity trends.

* Community Engagement: Engage with the security community through conferences, webinars, and social media to discuss findings, share knowledge, and establish the organization as a thought leader in penetration testing and cybersecurity.

5. Tool Development and Acquisition (Responsible for Vendor Communications)

* Tool Development and Customization: Lead the development of custom tools and scripts to automate repetitive tasks, enhance testing capabilities, or address specific needs not covered by existing tools. This may involve coding in languages such as Python, PowerShell, or Bash.

* Vendor Communication and Acquisition: Act as the primary point of contact for vendor communications regarding tool acquisition. This includes evaluating new tools, negotiating contracts, managing licensing, and ensuring that new acquisitions align with the team's needs and budget.

* Vendor Management: Maintain relationships with tool vendors, manage software licenses, and ensure compliance with vendor agreements. Coordinate tool evaluations and trials, and gather feedback from the team to make informed purchasing decisions.

6. Manage Current Toolset and Adjust Them as Needed for the Team

* Toolset Management: Oversee the maintenance and management of the team's current toolset, ensuring that all tools are updated, properly configured, and functioning correctly. This includes open-source tools, commercial products, and internally developed scripts.

* Optimization and Customization: Regularly assess the effectiveness of the existing toolset and make adjustments as needed. This might involve configuring tools for specific engagement requirements, integrating them with other systems, or enhancing their functionality through plugins or custom scripts.

* Continuous Improvement and Adaptation: Stay updated on the latest tools and technologies in penetration testing and cybersecurity. Evaluate new tools and technologies for potential inclusion in the toolset to ensure the team remains equipped with the best resources available.

* Security and Compliance of Tools: Ensure that all tools in use adhere to the organization's security policies and do not pose any risks to client environments. Regularly review tool security settings and configurations to prevent misuse or exploitation.

Qualifications/Minimum Requirements

* Bachelor's degree in a relevant field

* Certifications: OSCP, OSCE, OSWP, CEH, CRTO

* 5 years' experience

AAP/EEO Statement

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Emagine IT is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Emagine IT team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end users, and give our customers a competitive edge, now and into the future.

Applied = 0
MORE JOBS LIKE THIS

(web-675dddd98f-zqw5m)