Ai Penetration Testing Jobs in Reston, VA (NOW HIRING)

Title: Penetration Tester III

Location: Washington, DC or Chandler, AZ

Terms: Full-time

Clearance: Active Secret Required

Travel: 0-20%

As a Penetration Tester III at Revolutional, you are a senior offensive security practitioner with the range to operate across network, application, cloud, mobile, and IoT environments — and the experience to lead the engagements, not just execute them. You plan and conduct Red Team operations, High Value Asset assessments, and continuous penetration testing programs against complex federal infrastructure, and you produce findings that drive real security improvements.

You bring 5 to 7+ years of hands-on penetration testing experience, deep familiarity with industry-standard methodologies, and the technical credibility to lead a team under operational pressure. You think like an adversary, work within rules of engagement, and translate what you find into clear, actionable reporting for both technical and executive audiences.

• Plan, lead, and execute penetration tests across network, application, cloud, mobile, and IoT environments using continuous penetration testing methodologies
• Conduct and lead Red Team engagements end-to-end: scoping, planning, execution, post-engagement analysis, and reporting
• Perform High Value Asset (HVA) assessments in accordance with CISA AES HVA assessment standards and methodologies
• Execute penetration tests against federal and commercial cloud environments, mobile device applications, and IoT devices using appropriate platform-specific methodologies
• Apply OSSTMM, OWASP, NIST, PTES, and ISSAF methodologies as appropriate to engagement type, scope, and client requirements
• Leverage a broad toolset for reconnaissance, exploitation, post-exploitation, and lateral movement to conduct comprehensive penetration tests
• Apply MITRE ATT&CK framework to map adversary TTPs, structure engagement findings, and inform defensive recommendations
• Coordinate Blue and Purple Team activities; collaborate with defensive teams to validate detection coverage and improve security posture based on test findings
• Produce clear, thorough penetration test reports with well-documented findings, risk ratings, and actionable remediation guidance for technical and executive audiences
• Manage penetration testing projects and tasks against tight deadlines; lead and mentor junior testers on engagements
• Develop and maintain standard operating procedures, test plans, and technical documentation for penetration testing operations
• Stay current on offensive techniques, adversary tradecraft, vulnerability research, and emerging attack surfaces relevant to the federal environment

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
• Minimum 5 years of hands-on penetration testing experience; 7 years preferred
• Experience in a management or team lead role, managing penetration testing projects and tasks against tight deadlines
• Active Secret clearance

• Demonstrated experience with continuous penetration testing methodologies across diverse target environments
• Experience planning and conducting Red Team engagements, including scoping, rules of engagement, adversary emulation, and post-engagement reporting
• Experience conducting High Value Asset (HVA) assessments in federal environments
• Hands-on experience with IoT device penetration testing methodologies
• Experience with mobile device application penetration testing across iOS and/or Android platforms
• Experience penetration testing federal and commercial cloud environments (AWS, Azure, GCP, or GovCloud)
• Knowledge of Red, Blue, and Purple Team assessment processes and how offensive findings translate to defensive improvements
• Proficiency with MITRE ATT&CK framework applied to engagement planning, TTP mapping, and findings documentation
• Working knowledge of OSSTMM, OWASP, NIST, PTES, and ISSAF penetration testing methodologies
• Proficiency with industry-standard penetration testing toolsets for reconnaissance, exploitation, post-exploitation, and reporting

• Senior-level technical operator: you lead engagements, not just execute tasks, and your findings hold up under scrutiny
• Methodical and disciplined — you work within rules of engagement, document everything, and don't cut corners under deadline pressure
• Strong communicator: your reports are clear, risk-rated, and written for the audience, whether that's a CISO or a sysadmin
• Collaborative with defensive teams — you see Purple Team work as a force multiplier, not an afterthought

The following certifications are required:

• GPEN (GIAC Penetration Tester) or GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

• GRTP, CRTL, OSCP (Offensive Security Certified Professional), CRTP, CMWAPT, CEPT, CPT, or LPT

• Must hold or be able to obtain CISA AES HVA Assessment Lead or Technical Lead certification

• Both GPEN and GXPN, or additional GIAC offensive certifications (GWAPT, GMOB, GCLOUD)
• OSEP (Offensive Security Experienced Penetration Tester) or OSED (Offensive Security Exploit Developer)
• Experience conducting HVA assessments as Assessment Lead or Technical Lead under CISA AES
• Familiarity with Zero Trust Architecture from an offensive assessment perspective
• Experience with AI/ML system security testing or emerging attack surfaces
• Active TS/SCI clearance

#DICE #LinkedIn