Lead Infrastructure Penetration Tester - Local NC

Duration: 12+ Months

Lead Infrastructure Pentester is a precise, professional title for this senior-level role focused on network and infrastructure security testing.

**** Ideal for cleared professionals with state government contract experience.

The Lead Infrastructure Pentester will plan and execute advanced penetration tests on internal/external networks, infrastructure, and cloud environments to identify vulnerabilities, simulate threat actor tactics, and deliver actionable reports for remediation. Requires 10+ years of expertise in offensive security.

• Conduct comprehensive penetration testing across network devices (firewalls, routers, switches), on-premise servers (Windows/Linux/Unix), Active Directory, VPNs, and cloud platforms.
• Perform vulnerability validation, controlled exploitation, privilege escalation, lateral movement, credential compromise, and persistence simulations per approved Rules of Engagement.
• Evaluate security configurations, control effectiveness, and compliance with frameworks like NIST SP 800‑53/115/61, MITRE ATT&CK, and OWASP.
• Author detailed reports for executive, audit, and technical stakeholders; support remediation validation and retesting.

• Hands‑on penetration testing/offensive security expertise: 10+ years.
• Network & infrastructure security (TCP/IP, DNS, DHCP, VPNs, firewalls, IDS/IPS; Windows/Linux internals; AD attack paths): 8 years.
• Proficiency with tools like Nmap, Nessus, Metasploit, Burp Suite, Blood Hound, Net Exec, and Ping Castle: 7 years.
• Experience producing standard pentest reports and familiarity with NIST, MITRE ATT&CK, OWASP: 7 years.
• Work in regulated/high-security environments plus legal/ethical pentesting standards: 7 years (5+ for compliance).