Senior System Security Specialist (Baltimore)
Minimum Qualifications:
A minimum of eight (8) years of progressive experience in cybersecurity.
A minimum of five (5) years performing penetration testing or red team engagements.
A minimum of five (5) years conducting network penetration testing, web application and API testing, internal and external vulnerability assessments, and threat modeling and attack path analysis.
A minimum of five (5) years developing and delivering formal penetration test reports, including executive summaries and technical remediation guidance.
A minimum of five (5) years supporting incident response investigations and validation testing.
A minimum of five (5) years with common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Nessus, etc.).
Strong knowledge of secure coding practices, application security testing (SAST/DAST concepts), network architecture and segmentation, and identity and access management concepts.
A minimum of five (5) years of demonstrated scripting or development ability in at least one language (e.g., Python, C/C++, PowerShell, Bash).
A minimum of five (5) years of working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK and OWASP Top 10.
A minimum of five (5) years of experience mapping findings to security control frameworks.
At least one recognized offensive security certification (e.g., OSCP, GPEN, GXPN, CEH, or major experience can substitute for certification).
Demonstrated ability to communicate technical findings to executive and non-technical audiences, and provide actionable remediation recommendations.
Demonstrated experience working in government or highly regulated environments.

Preferred Qualifications:
A minimum of ten (10) years of progressive experience in cybersecurity.
A minimum of eight (8) years of experience in Advanced Offensive Security:
  Experience leading red team engagements.
  Experience performing adversary emulation exercises.
  Experience conducting phishing and social engineering simulations.
  Experience performing purple team exercises.
A minimum of five (5) years of experience in Zero Trust & Architecture:
  Experience designing or assessing Zero Trust implementations.
  Experience evaluating micro-segmentation strategies and identity-centric controls.
A minimum of five (5) years of experience in Cloud & Modern Infrastructure:
  Experience performing security assessments in AWS or Azure environments, containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments.
  Experience testing CI/CD pipelines.
A minimum of ten (10) years of experience in Software Development Depth:
  Strong low-level development knowledge (kernel, assembly, embedded systems) that supports advanced exploit analysis.
  Experience reviewing source code in Java or other compiled languages for vulnerabilities.
A minimum of ten (10) years of experience in Government in the following:
  Experience supporting federal or state government security programs.
  Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments.