General Dynamics Information Technology Logo

General Dynamics Information Technology

Penetration Tester

Reposted Yesterday
Be an Early Applicant
Remote
Hiring Remotely in Location, WV, USA
123K-167K Annually
Senior level
Remote
Hiring Remotely in Location, WV, USA
123K-167K Annually
Senior level
Perform hands-on application, API, and AWS cloud penetration testing and vulnerability assessments for CMM systems to support ATO packages. Validate NIST 800-53 controls, document findings and exploitation steps, produce SARs, and work with DevSecOps and engineering teams to remediate and retest issues. Support RMF Step 3, CI/CD security, container and cloud security testing, threat modeling, and security integration into Agile sprints.
The summary above was generated by AI

Type of Requisition:

Regular

Clearance Level Must Currently Possess:

None

Clearance Level Must Be Able to Obtain:

None

Public Trust/Other Required:

Other

Job Family:

Cyber and IT Risk Management

Job Qualifications:

Skills:

Automated Testing, AWS Cloud Computing, Infrastructure Penetration Testing, Security Controls, Security Testing

Certifications:

None

Experience:

8 + years of related experience

US Citizenship Required:

No

Job Description:

The Penetration Tester supports the Case Management Modernization (CMM) Program for the Administrative Office of the U.S. Courts (AO) by conducting security, penetration, and vulnerability assessments required prior to Application ATO (Authority to Operate). This role ensures that CMM applications—built using React, NodeJS, AWS cloud services, and microservices—meet federal security standards and demonstrate resilience against real‑world cyber threats.

Working within Agile DevSecOps teams, the Penetration Tester performs hands‑on exploitation, validates security controls, identifies weaknesses, and collaborates with engineering teams to remediate findings. This role is critical to ensure that CMM systems comply with NIST 800‑53, RMF, and AO security requirements before production authorization.

Key Responsibilities:

  • Perform application, API, and cloud penetration tests on CMM systems prior to ATO submission.
  • Conduct web, mobile, API, and microservices security testing using industry‑standard tools and manual exploitation techniques.
  • Execute AWS cloud penetration testing within approved boundaries (IAM, S3, Lambda, API Gateway, ECS/EKS, networking).
  • Perform static and dynamic analysis, including code review for security vulnerabilities.
  • Conduct credentialed and uncredentialed scans, privilege escalation testing, and lateral movement analysis.
  • Validate implementation of NIST 800‑53 controls, including AC, AU, IA, SC, SI, and CM families.
  • Support RMF Step 3 (Security Assessment) activities and provide evidence for ATO packages.
  • Identify vulnerabilities across application layers, cloud infrastructure, and CI/CD pipelines.
  • Work with developers, cloud engineers, and DevSecOps teams to validate fixes and retest vulnerabilities.
  • Provide detailed remediation guidance aligned with secure coding and cloud security best practices.
  • Track findings in Jira or equivalent tools and ensure closure prior to ATO milestones.
  • Prepare Security Assessment Reports (SAR), penetration test summaries, and risk findings for AO stakeholders.
  • Document exploitation steps, proof‑of‑concepts, and risk severity aligned with federal scoring methodologies.
  • Contribute to System Security Plans (SSP), POA&Ms, and ATO evidence packages.
  • Support pre‑ATO readiness reviews, including control validation and security walkthroughs.
  • Participate in tabletop exercises, threat modeling sessions, and architecture reviews.
  • Validate system resilience through stress, failover, and adversarial resilience testing.
  • Ensure compliance with federal security standards, including NIST, FISMA, and AO-specific guidelines.
  • Work closely with development teams to integrate security testing into Agile sprints.
  • Provide security insights during sprint planning, backlog refinement, and release readiness reviews.
  • Support secure CI/CD pipeline enhancements, including automated security scanning.

REQUIREMENTS:

  • 8+ years of experience in penetration testing, application security, or ethical hacking security roles.
  • Experience documenting test plans, test procedures, and detailed security findings.
  • Experience supporting federal security assessments or enterprise-scale security testing.
  • Hands-on experience performing penetration tests on web applications, APIs, microservices, and cloud environments.
  • Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto, K6 Security, or custom scripts.
  • Experience testing applications built with NodeJS, ReactJS, REST APIs, and microservices.
  • Strong understanding of AWS security, including IAM, VPC, S3, Lambda, API Gateway, ECS/EKS, CloudTrail, and CloudWatch.
  • Experience with NIST 800‑53, RMF, FedRAMP, or federal ATO processes.
  • Ability to interpret logs, metrics, and security telemetry to identify attack paths.
  • Familiarity with SIEM and monitoring tools such as Datadog, ELK, CloudWatch, Grafana.
  • Experience with container security (Docker, Kubernetes, OpenShift).
  • Understanding of network security, distributed tracing, and adversarial testing techniques.
  • Strong analytical, communication, and documentation skills.

QUALIFICATIONS:

  • 8+ years of general experience in information systems with BS/BA Degree, or 6+ years with MA/MS Degree
  • 6+ years experience with in integration, regression, and system testing using automated testing tools in web-based applications
  • Experience in writing test cases, test plans, executing test scripts, reporting defects and preparing test results reports
  • Experience in the entire QA Life Cycle, to include designing, developing and execution on the entire QA process and documentation of test plans, test cases, test procedures and test scripts
  • Experience may be considered in lieu of degree

CERTIFICATIONS:

  • OSCP, OSWE, GWAPT, GPEN, or similar offensive security certifications.
  • AWS Security Specialty
  • SAFe, DevSecOps, or Agile certifications beneficial.

TOOLS & TECHNOLOGIES:

  • Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto
  • K6 Security, custom Python/JavaScript tools
  • AWS CloudWatch, CloudTrail, GuardDuty
  • Datadog, ELK Stack, Prometheus, Grafana
  • Jenkins, GitLab CI/CD, GitHub Actions
  • SAST/DAST tools (SonarQube, Checkmarx, Fortify)
  • Jira, Confluence, SharePoint, MS Teams
  • Power BI, Grafana dashboards

COMMUNICATION & ORGANIZATIONAL

  • Excellent presentation and communication (oral and written) skills.
  • Consultant mindset with the ability to work with high level customer stakeholders and build excellent customer relationship.
  • Experience identifying and applying industry tools, solutions, methods best practices, and emerging technologies.
  • Strong analytical skills and problem-solving skills with the ability to formulate and communicate recommendations for improvement.
  • Demonstrated ability to work effectively, independently, and as part of a team.

The likely salary range for this position is $123,250 - $166,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

None

Telecommuting Options:

Remote

Work Location:

Any Location / Remote

Additional Work Locations:

Total Rewards at GDIT:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee’s date of hire. The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

 



Our Identity Verification Process:

As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.

About Our Work:

We are GDIT. A global technology and professional services company that delivers technology solutions and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50+ countries worldwide, offering leading mission-ready capabilities in AI, cloud, cyber and software development.

Join our Talent Community to stay up to date on our career opportunities and events at

gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

General Dynamics Information Technology Colorado Springs, Colorado, USA Office

Colorado Springs, United States, 0

Similar Jobs

3 Days Ago
Remote
United States
140K-140K Annually
Senior level
140K-140K Annually
Senior level
Security • Cybersecurity
Lead advanced vulnerability assessments, penetration tests, and adversary emulation in ICS/OT environments. Perform hands‑on exploitation, analyze network and host data to identify attack paths and vulnerabilities, produce clear remediation reports and client briefings, mentor team members, research threat actor TTPs, and contribute to detection and platform improvements. Support customer readiness through exercises and workshops.
Top Skills: Burp Suite ProCobalt StrikeIcs/OtKali LinuxLotl TechniquesMetasploit
12 Days Ago
Remote
USA
115K-150K Annually
Senior level
115K-150K Annually
Senior level
Information Technology • Software • Cybersecurity • Defense
Perform enterprise web application, API, and database penetration tests; analyze authentication/authorization and business logic flaws; draft technical reports; validate remediations; automate tests; coordinate with owners and SOC teams; research emerging APT threats and threat emulation techniques; support corporate proposals and agency cybersecurity initiatives.
Top Skills: Active DirectoryApi Security Top 10BgpBurp SuiteDhcpDnsFismaHoneynetsHTTPHttpsIcmpJSONKali LinuxLinuxmacOSMetasploitMplsNistOwasp Top 10Post-Exploitation FrameworksRestSmtpSoapSQLTcpUdpWindowsXML
12 Days Ago
Remote
United States
Junior
Junior
Security • Cybersecurity
Perform comprehensive internal, external, wireless, and web application penetration tests and social engineering assessments. Execute vulnerability scans, write client reports, use Kali Linux exclusively from the command line, create Bash scripts, manage files via CLI, and reimage devices and VMs. Collaborate with management to plan and deliver high-quality security testing for diverse clients.
Top Skills: BashKali LinuxNanoNmapSshVi

What you need to know about the Colorado Tech Scene

With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.

Key Facts About Colorado Tech

  • Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
  • Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
  • Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
  • Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
  • Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account