{"schemaVersion":"jobsearcher.job.v1","id":"bb1c0c8df30ca15ecc576b4e","url":"https://jobsearcher.com/jobs/bb1c0c8df30ca15ecc576b4e","canonicalUrl":"https://jobsearcher.com/jobs/bb1c0c8df30ca15ecc576b4e","title":"Senior Penetration Tester","description":"POSITION SUMMARY:\n\nCODICE seeks a highly skilled Senior Penetration Tester to join our cybersecurity team. This role is crucial in ensuring the security and compliance of our systems through regular and ad-hoc penetration testing. The ideal candidate will be an expert in building and executing vulnerability assessment and penetration testing programs, with specific expertise in Ruby and the Ruby on Rails framework. This position reports to the Chief Information Security Officer (CISO) and plays a vital role in maintaining our organization's security posture.\n\nESSENTIAL FUNCTIONS\n\nDuties and Responsibilities\nConduct regular and ad-hoc penetration tests on our systems, networks, and applications to identify security vulnerabilities and weaknesses.\nDesign, build, and maintain a comprehensive vulnerability assessment and penetration testing program.\nPerform in-depth security assessments of Ruby on Rails applications, leveraging expert knowledge of the framework and its security implications.\nUtilize a wide range of penetration testing tools and techniques to simulate real-world attacks and identify potential security breaches.\nAnalyze test results and provide detailed reports on findings, including severity assessments and remediation recommendations.\nWork closely with development and operations teams to explain vulnerabilities and assist in implementing effective security controls.\nConduct security assessments of cloud environments, particularly AWS, addressing their specific security challenges.\nDevelop and maintain custom scripts and tools to enhance and automate the penetration testing process.\nStay current with the latest security threats, vulnerabilities, and exploitation techniques.\nParticipate in the development and improvement of security policies, standards, and best practices.\nProvide expert guidance on secure coding practices, particularly for Ruby and Ruby on Rails applications.\nCollaborate with the CISO and other security team members to continuously improve the organization's overall security posture.\nConduct post-exploitation analysis to determine the potential impact of identified vulnerabilities.\nAssist in incident response activities when necessary, leveraging penetration testing skills to understand and mitigate threats\n\nKnowledge, Skills and Abilities\n\nTechnical Skills\nProgramming Languages\nDemonstrated proficiency in:\nPython: Ability to write complex scripts for automation and exploitation\nRuby: Expert-level knowledge, including in-depth understanding of Ruby on Rails framework and its security implications\nPerl: Familiarity with Perl scripting for text processing and system administration tasks\nC: Understanding of low-level programming and memory management\nC++: Knowledge of object-oriented programming and its application in security testing\nScripting Skills\nDemonstrated expertise in:\nBash: Ability to create advanced shell scripts for automation and system interaction\nPowerShell: Proficiency in writing scripts for Windows environment penetration testing\nJavaScript: Capability to analyze and exploit client-side vulnerabilities\nOperating Systems\nDemonstrated expert knowledge of:\nWindows: In-depth understanding of Windows architecture, services, and security mechanisms\nLinux: Proficiency in various distributions, command-line operations, and system administration\nUnix: Familiarity with Unix-based systems and their specific security considerations\nNetwork Protocols\nDemonstrated expert understanding of:\nTCP/IP: Comprehensive knowledge of the TCP/IP stack and related protocols\nUDP: Understanding of stateless communication and its security implications\nDNS: Familiarity with DNS structure, record types, and common attack vectors\nHTTP/S: In-depth knowledge of web protocols, including headers, methods, and secure communication\nFTP: Understanding of file transfer protocols and associated vulnerabilities\nSMTP: Familiarity with email protocols and related security issues\nPenetration Testing Tools\nDemonstrated proficiency with:\nMetasploit: Advanced usage for exploitation and post-exploitation activities\nBurp Suite: Expert-level use for web application security testing\nNmap: Proficiency in network discovery and security auditing\nWireshark: Advanced packet analysis and network traffic inspection\nNessus: Skill in vulnerability scanning and assessment\nOpenVAS: Familiarity with open-source vulnerability scanning\nVulnerability Identification and Exploitation\nDemonstrated expertise in:\nSQL Injection: Advanced techniques for identifying and exploiting database vulnerabilities\nCross-Site Scripting (XSS): Proficiency in detecting and exploiting various types of XSS\nCross-Site Request Forgery (CSRF): Understanding of CSRF mechanics and exploitation\nBuffer Overflows: Knowledge of memory corruption vulnerabilities and exploitation techniques\nDemonstrated knowledge of\nAdvanced Exploitation Techniques: Familiarity with privilege escalation, pivoting, and lateral movement\nPost-Exploitation Methodologies: Understanding of maintaining access, data exfiltration, and covering tracks\nCloud Security\nDemonstrated expertise with:\nAWS: In-depth knowledge of AWS services and their security implications\nCloud-Specific Security Challenges: Understanding of shared responsibility models, misconfigurations, and cloud-native vulnerabilities\nProficiency in:\nCloud Security Tools: Experience with tools designed for cloud environment penetration testing\nCloud Penetration Testing Techniques: Familiarity with methodologies specific to cloud infrastructure testing\nWeb Application Security Skills and Experience\nWeb Application Vulnerabilities\nDemonstrated expertise of:\nOWASP Top Ten: Comprehensive understanding of the most critical web application security risks\nOther Common Vulnerabilities: Familiarity with issues like insecure deserialization, XML external entities (XXE), server-side request forgery (SSRF)\nWeb Application and API Testing\nDemonstrated expertise in:\nManual Testing Techniques: Proficiency in hands-on discovery and exploitation of web vulnerabilities\nAutomated Testing Tools: Experience with web application scanners and API testing tools\nAPI Security: Understanding of REST, SOAP, and GraphQL API vulnerabilities and testing methodologies\nSecure Coding Practices\nIn-depth understanding of secure coding principles, particularly in Ruby on Rails applications\nAbility to provide actionable recommendations for remediating identified vulnerabilities\nQUALIFICATIONS\nRequired Education:\nBachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.\nRequired Experience:\nMinimum of 8 years of experience in penetration testing and ethical hacking\nProven track record of successful penetration tests and vulnerability assessments\nStrong analytical and problem-solving skills\nExcellent written and verbal communication skills\nAbility to explain complex technical concepts to both technical and non-technical stakeholders\nSelf-motivated with a passion for continuous learning in cybersecurity\nStrong ethical standards and integrity\nAbility to work independently and as part of a team in a fast-paced environment\nFamiliarity with compliance standards (e.g., PCI DSS, HIPAA, SOC 2)\nUnderstanding of risk assessment methodologies\nExperience with writing detailed, actionable penetration testing reports\nKnowledge of secure development practices and SDLC integration\nRequired Licensure/ Certification:\nRelevant industry certifications such as:\nOffensive Security Certified Professional (OSCP)\nCertified Ethical Hacker (CEH)\nGIAC Penetration Tester (GPEN)\nOther equivalent certifications demonstrating advanced penetration testing skills\nPreferred Education:\nMaster’s degree in computer science, Information Technology, or a related field","company":"Codice","rawCompany":"codice","city":"Washington","state":"DC","isRemote":false,"isActive":false,"createdAt":"2026-04-12T20:47:25.210Z","occupations":[{"code":"15-1299.04","title":"Penetration Testers","slug":"penetration-testers"},{"code":"15-1212.00","title":"Information Security Analysts","slug":"information-security-analysts"},{"code":"15-1252.00","title":"Software Developers","slug":"software-developers"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"541519","title":"Other Computer Related Services","slug":"other-computer-related-services"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"Senior Penetration Tester","description":"POSITION SUMMARY:\n\nCODICE seeks a highly skilled Senior Penetration Tester to join our cybersecurity team. This role is crucial in ensuring the security and compliance of our systems through regular and ad-hoc penetration testing. The ideal candidate will be an expert in building and executing vulnerability assessment and penetration testing programs, with specific expertise in Ruby and the Ruby on Rails framework. This position reports to the Chief Information Security Officer (CISO) and plays a vital role in maintaining our organization's security posture.\n\nESSENTIAL FUNCTIONS\n\nDuties and Responsibilities\nConduct regular and ad-hoc penetration tests on our systems, networks, and applications to identify security vulnerabilities and weaknesses.\nDesign, build, and maintain a comprehensive vulnerability assessment and penetration testing program.\nPerform in-depth security assessments of Ruby on Rails applications, leveraging expert knowledge of the framework and its security implications.\nUtilize a wide range of penetration testing tools and techniques to simulate real-world attacks and identify potential security breaches.\nAnalyze test results and provide detailed reports on findings, including severity assessments and remediation recommendations.\nWork closely with development and operations teams to explain vulnerabilities and assist in implementing effective security controls.\nConduct security assessments of cloud environments, particularly AWS, addressing their specific security challenges.\nDevelop and maintain custom scripts and tools to enhance and automate the penetration testing process.\nStay current with the latest security threats, vulnerabilities, and exploitation techniques.\nParticipate in the development and improvement of security policies, standards, and best practices.\nProvide expert guidance on secure coding practices, particularly for Ruby and Ruby on Rails applications.\nCollaborate with the CISO and other security team members to continuously improve the organization's overall security posture.\nConduct post-exploitation analysis to determine the potential impact of identified vulnerabilities.\nAssist in incident response activities when necessary, leveraging penetration testing skills to understand and mitigate threats\n\nKnowledge, Skills and Abilities\n\nTechnical Skills\nProgramming Languages\nDemonstrated proficiency in:\nPython: Ability to write complex scripts for automation and exploitation\nRuby: Expert-level knowledge, including in-depth understanding of Ruby on Rails framework and its security implications\nPerl: Familiarity with Perl scripting for text processing and system administration tasks\nC: Understanding of low-level programming and memory management\nC++: Knowledge of object-oriented programming and its application in security testing\nScripting Skills\nDemonstrated expertise in:\nBash: Ability to create advanced shell scripts for automation and system interaction\nPowerShell: Proficiency in writing scripts for Windows environment penetration testing\nJavaScript: Capability to analyze and exploit client-side vulnerabilities\nOperating Systems\nDemonstrated expert knowledge of:\nWindows: In-depth understanding of Windows architecture, services, and security mechanisms\nLinux: Proficiency in various distributions, command-line operations, and system administration\nUnix: Familiarity with Unix-based systems and their specific security considerations\nNetwork Protocols\nDemonstrated expert understanding of:\nTCP/IP: Comprehensive knowledge of the TCP/IP stack and related protocols\nUDP: Understanding of stateless communication and its security implications\nDNS: Familiarity with DNS structure, record types, and common attack vectors\nHTTP/S: In-depth knowledge of web protocols, including headers, methods, and secure communication\nFTP: Understanding of file transfer protocols and associated vulnerabilities\nSMTP: Familiarity with email protocols and related security issues\nPenetration Testing Tools\nDemonstrated proficiency with:\nMetasploit: Advanced usage for exploitation and post-exploitation activities\nBurp Suite: Expert-level use for web application security testing\nNmap: Proficiency in network discovery and security auditing\nWireshark: Advanced packet analysis and network traffic inspection\nNessus: Skill in vulnerability scanning and assessment\nOpenVAS: Familiarity with open-source vulnerability scanning\nVulnerability Identification and Exploitation\nDemonstrated expertise in:\nSQL Injection: Advanced techniques for identifying and exploiting database vulnerabilities\nCross-Site Scripting (XSS): Proficiency in detecting and exploiting various types of XSS\nCross-Site Request Forgery (CSRF): Understanding of CSRF mechanics and exploitation\nBuffer Overflows: Knowledge of memory corruption vulnerabilities and exploitation techniques\nDemonstrated knowledge of\nAdvanced Exploitation Techniques: Familiarity with privilege escalation, pivoting, and lateral movement\nPost-Exploitation Methodologies: Understanding of maintaining access, data exfiltration, and covering tracks\nCloud Security\nDemonstrated expertise with:\nAWS: In-depth knowledge of AWS services and their security implications\nCloud-Specific Security Challenges: Understanding of shared responsibility models, misconfigurations, and cloud-native vulnerabilities\nProficiency in:\nCloud Security Tools: Experience with tools designed for cloud environment penetration testing\nCloud Penetration Testing Techniques: Familiarity with methodologies specific to cloud infrastructure testing\nWeb Application Security Skills and Experience\nWeb Application Vulnerabilities\nDemonstrated expertise of:\nOWASP Top Ten: Comprehensive understanding of the most critical web application security risks\nOther Common Vulnerabilities: Familiarity with issues like insecure deserialization, XML external entities (XXE), server-side request forgery (SSRF)\nWeb Application and API Testing\nDemonstrated expertise in:\nManual Testing Techniques: Proficiency in hands-on discovery and exploitation of web vulnerabilities\nAutomated Testing Tools: Experience with web application scanners and API testing tools\nAPI Security: Understanding of REST, SOAP, and GraphQL API vulnerabilities and testing methodologies\nSecure Coding Practices\nIn-depth understanding of secure coding principles, particularly in Ruby on Rails applications\nAbility to provide actionable recommendations for remediating identified vulnerabilities\nQUALIFICATIONS\nRequired Education:\nBachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.\nRequired Experience:\nMinimum of 8 years of experience in penetration testing and ethical hacking\nProven track record of successful penetration tests and vulnerability assessments\nStrong analytical and problem-solving skills\nExcellent written and verbal communication skills\nAbility to explain complex technical concepts to both technical and non-technical stakeholders\nSelf-motivated with a passion for continuous learning in cybersecurity\nStrong ethical standards and integrity\nAbility to work independently and as part of a team in a fast-paced environment\nFamiliarity with compliance standards (e.g., PCI DSS, HIPAA, SOC 2)\nUnderstanding of risk assessment methodologies\nExperience with writing detailed, actionable penetration testing reports\nKnowledge of secure development practices and SDLC integration\nRequired Licensure/ Certification:\nRelevant industry certifications such as:\nOffensive Security Certified Professional (OSCP)\nCertified Ethical Hacker (CEH)\nGIAC Penetration Tester (GPEN)\nOther equivalent certifications demonstrating advanced penetration testing skills\nPreferred Education:\nMaster’s degree in computer science, Information Technology, or a related field","datePosted":"2026-04-12T20:47:25.210Z","dateModified":"2026-04-12T20:47:25.210Z","hiringOrganization":{"@type":"Organization","name":"Codice","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Washington","addressRegion":"DC","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"bb1c0c8df30ca15ecc576b4e"},"url":"https://jobsearcher.com/jobs/bb1c0c8df30ca15ecc576b4e"}}