Penetration Test Lead

Overview

Penetration Testing Lead — Falls Church, Virginia. Full-time.

Important Notice: This position is contingent upon contract award.

Penetration Test Leads plan and execute complex offensive security assessments identifying exploitable vulnerabilities before adversaries can. This role leads penetration testing engagements, develops testing methodologies, coordinates with system owners, and produces comprehensive penetration testing reports. Pen Test Leads possess advanced offensive security skills and ensure testing is conducted safely without impacting production operations.

• Plan and scope 15-30 penetration testing engagements annually.
• Execute network penetration tests identifying exploitable vulnerabilities.
• Conduct web application security assessments (OWASP Top 10).
• Perform social engineering tests (phishing, vishing, physical security).
• Lead 2-4 major red team exercises annually.
• Identify 100-300 exploitable vulnerabilities annually.
• Document 10-40 critical/high severity findings requiring immediate remediation.
• Produce 15-30 comprehensive penetration test reports annually.
• Conduct 50-150 vulnerability revalidation tests verifying fixes.

• Annual Assessments: 15-30 penetration tests.
• Systems Tested: 30-80 systems assessed annually.
• Vulnerabilities Found: 100-300 exploitable issues identified.
• Critical Findings: 10-40 requiring immediate action.
• Assessment Reports: 15-30 comprehensive deliverables.
• Red Team Exercises: 2-4 major exercises annually.
• Remediation Validation: 50-150 retests annually.

• Clearance:
  Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS) based on network assignment.
• Education:
  
  Bachelor s Degree in Information Technology, Cybersecurity, Computer Science, or related field.
• Experience:
  
  10+ years information security; 5+ years penetration testing experience.
• Certifications:
  
  OSCP or GPEN required; OSCE, GXPN, GWAPT, or other offensive security certifications highly desired.
• Technical Knowledge:
  Expert knowledge of penetration testing methodologies (PTES, OWASP, NIST 800-115), network protocols, web applications, exploitation techniques, security controls.

Advana is the Department of Defense Chief Digital and Artificial Intelligence Office s (CDAO) enterprise-wide data, analytics, and AI platform. Advana provides DoD military and civilian decision makers with unprecedented access to enterprise data, tools, and capabilities in a secure environment. The platform hosts hundreds of curated applications across logistics, financial management, personnel, health, and other domains, accelerating decision advantage through accessible, actionable data and AI capabilities.

This position supports comprehensive cybersecurity operations for the Advana platform across three classified networks (NIPR, SIPR, JWICS).

Position Status:

• This position is contingent upon contract award.
• Start date will be determined upon contract award.
• We will maintain contact with selected candidates throughout the award process.

• U.S. Citizen required.
• Clearance varies by network:
  Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS).
• On-premises work required at Suffolk Building, Falls Church, VA.
• No remote work options available.
• Standard business hours with operational flexibility.

• 4 Weeks Paid Time Off.
• All Federal Holiday’s Paid Vacation.
• Four Percent Matching 401K.
• Full health/vision/dental benefits for the employee and family paid 100% by ZTI Solutions, LLC.

We thank all applicants for their interest. Only candidates selected for interviews will be contacted.