10 Penetration Testing jobs in Washington

At Agile Defense we know that action defines the outcome and new challenges require new solutions. Thats why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next.

Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agilityleveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nations vital interests.

Requisition #:

Job Title: Vulnerability Assessment Analyst III|Exempt

Job Title for Careers Page: Senior Tenable Security Engineer

Location: 14th and C Streets, SW Washington D.C., District of Columbia 20228 AND/OR 9000 Blue Mound Road, Fort Worth, TX 76131

Clearance Level: Active DoD -

Required Certification(s):

Tenable Vulnerability Management, Tenable Security Center, or Tenable OT Security certification is required.

CISSP or equivalent is required

SUMMARY: The Bureau of Engraving and Printings (BEP's) core mission is to design and manufacture high-quality security documents that meet customers' requirements for quality, quantity, and performance, as well as counterfeit deterrence. This position will serve as the Subject Matter Expert leading the development, improvement, integration, deployment, and ongoing maintenance of BEPs Vulnerability Management solution.

JOB DUTIES AND RESPONSIBILITIES

Design, develop, and customize Tenable security solutions to align with organizational security requirements and compliance needs.

Create and optimize vulnerability scanning policies, configurations, and dashboards to ensure comprehensive coverage of assets.

Continuously assess and enhance the effectiveness of Tenable tools by analyzing scan results, identifying gaps, and recommending improvements.

Update and refine scanning templates, asset groups, and vulnerability prioritization to reduce false positives and improve accuracy.

Stay updated on emerging threats, vulnerabilities, and Tenable product updates to incorporate best practices and new features.

Integrate Tenable solutions with other security tools and platforms, such as SIEM (e.g., Splunk, QRadar), ticketing systems (e.g., ServiceNow), and endpoint detection tools, to create a cohesive security ecosystem.

Plan and execute the deployment of Tenable solutions across multiple environments, ensuring minimal disruption to operations.

Monitor and maintain Tenable systems to ensure optimal performance, availability, and accuracy of vulnerability data.

Perform regular updates, patches, and upgrades to Tenable tools to address new vulnerabilities and maintain compliance.

Serve as the primary point of contact for Tenable-related queries, providing guidance to security teams, IT staff, and leadership.

Generate and present detailed vulnerability reports, metrics, and risk assessments to technical and non-technical audiences.

QUALIFICATIONS

Required Certifications

Tenable Vulnerability Management, Tenable Security Center, or Tenable OT Security certification is required.

CISSP or equivalent is required

Education, Background, and Years of Experience

Bachelors degree in Computer Science, IT, Business, Management, or related discipline from an accredited institution.

10 or more years experience in Bachelor's degree discipline. 8 or more years of experience with Tenable engineering and implementation.

ADDITIONAL SKILLS & QUALIFICATIONS

Required Skills

Experience with the administration of information systems.

Experience managing and leading technical projects.

Experience working in a cybersecurity program.

WORKING CONDITIONS

Environmental Conditions

Standard office building working within a cube and near co-workers.

Strength Demands

Sedentary 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Physical Requirements

Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; See

Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together.

What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are.

We also believe in supporting our employees by offering a competitive and comprehensive benefits package. To explore the benefits we offer, please visit our website under the Careers section.

Happy - Be Infectious.

Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.

Helpful - Be Supportive.

Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.

Honest - Be Trustworthy.

Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.

Humble - Be Grounded.

Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.

Hungry - Be Eager.

Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.

Hustle - Be Driven.

Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

Description

The Leidos Digital Modernization group is looking for a Vulnerability Assessment Solutions Administrator . This exciting role focuses on managing and optimizing the ACAS (Assured Compliance Assessment Solution) system, a vital tool for vulnerability assessment and security auditing, particularly within the Department of Defense. You will ensure the system operates at its best, analyze scan results, and collaborate with various teams to address identified vulnerabilities.

If you thrive in a dynamic environment and want to make a significant impact, read on!

Leidos Digital Modernization Sector is dedicated to delivering enterprise IT, digital modernization, and cyber capabilities to meet essential operational and mission objectives for the Air Force, Space Force, and Defense Agencies.

Position Responsibilities:

• Proactively mitigate information risk by ensuring proper security, monitoring, and operation of Security Center servers and logs across NIPRNet and SIPRNet environments.

• Identify and secure ECAS Scanner servers and maintain operations within the CONUS theater.

• Conduct ACAS Agent scans and differential scans adhering to DISA best practices.

• Collaborate with subscriber sites to facilitate the Cyber Operational Readiness Assessment (CORA) process.

• Ensure the integrity of the operating system environment, focusing on SecurityCenters and Nessus scanners.

• Report compliance data to senior management in response to directives and taskings.

• Maintain effective communication with IT administration teams supporting both Cloud and on-premise server infrastructure.

• Associate Nessus scanners with the correct scan zones and repositories to enhance efficiency.

• Provide multi-tiered ACAS administrator support to various stakeholders.

• Troubleshoot application errors, operating systems, server hardware, network communications, and storage issues within the ACAS environment.

• Utilize diagnostic tools and logs to identify and resolve technical problems swiftly.

• Employ the Atlassian Suite to track issues impacting system operations and suggest corrective actions.

• Review system logs to identify scanning problems and recommend effective corrective measures.

• Continuously evaluate current ACAS implementations for scans, assets, analyses, and permissions.

• Assist in installing and maintaining configuration files, custom scan policies, plug-ins, and DISA STIGs to enhance vulnerability discovery capabilities.

• Plan, document, and coordinate the implementation of updated processes and best practices for ACAS operations and maintenance.

Basic Qualifications:

• Bachelor's degree with 8+ years of relevant experience, with consideration for extensive experience in lieu of a degree.

• Possess one professional certification as outlined in DISA IASE IAT Level II DoD 8570.01 Approved Baseline and one Cyber Security Service Provider baseline certification before employment.

• DISA ACAS certification is required.

• Familiarity with the Cyber Operational Readiness Assessment (CORA) process is preferred.

• Knowledge of VPN and Active Directory functionality.

• Excellent communication skills, both written and verbal, with strong team collaboration abilities.

• Understanding of imaging processes for PCs and Laptops, and basic authentication and IP CIDR setups.

• Ability to work effectively within a dynamic cross-organizational team.

• U.S. Citizenship is required, along with an active Secret clearance.

• Strong troubleshooting skills for diagnosing and managing desktop software and hardware issues.

Ready to break things (in a good way) and build them smarter? Join us at Leidos!

Original Posting: August 8, 2025

For U.S. Positions: This job requisition will remain open for at least 3 days, closing no sooner than 3 days after the original posting date.

Pay Range:

Pay Range $104,650.00 - $189,175.00

This pay range serves as a guideline only and does not guarantee compensation. Additional factors include job responsibilities, education, experience, skills, internal equity, and applicable laws.

Overview:
Quantum Research International, Inc. (Quantum ) is a certified DoD Contractor providing services and products to US/Alliedgovernments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space and Ground Support Systems; (3) Aviation Systems; (4) Missile Systems; (5) Artificial Intelligence/ Machine Learning Systems and Experimentation/Training; and (6) Audio Visual Systems and Services. Quantum's Corporate Office is in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen; MD; Colorado Springs, CO; Orlando, FL; Crestview, FL; Madison, AL, and Tupelo, MS.

Mission: s a member of the National Geospatial-Intelligence Agency (NGA) DEFENDER Computer Network Exploitation (CNE) team, the contractor executes computer network operations via penetration testing and emulating Advanced Adversaries, Insider Threats, and Purple Team against NGA systems for the purpose of strengthening information system security. Cyber Vulnerability Assessment Analysts will help develop and execute plans leveraging multiple cyber threat Tactics, Techniques and Procedures (TTP's) to breach and/or exfiltrate data in such a way as to minimize the risk of detection by a Security Operations Center (SOC). The positions also require the ability to protect data successfully exfiltrated from a targeted network and to provide mitigations to its exploits or observations that are resource-realistic, systemic, and actionable to buy down risk. This position is available immediately and supports the NGA onsite (no remote or hybrid) at NGA headquarters in Springfield, VA

Responsibilities:

• Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
• Conduct and/or support authorized penetration testing on enterprise network assets.
• Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews (TSCM), TEMPEST countermeasure reviews).
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Requirements:

• TS/SCI clearance, subject to CI Polygraph.
• IAT Level 2 and Two Penetration Testing certifications (OSCP, GPEN, GWAT, GCIH, CEH, CEH Master, GPYC, LPT, CPT, etc)
• DoD 8570 IAT II certification
• Bachelor's degree. In lieu of degree, Sec+, GICSP, Cloud+, GCED, PenTest+, or GSEC may be accepted.
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Skill in assessing the robustness of security systems and designs.
• Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
• Skill in mimicking threat behaviors.
• Skill in the use of penetration testing tools and techniques.
• Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
• Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
• Skill in reviewing logs to identify evidence of past intrusions.
• Skill in conducting application vulnerability assessments.
• Skill in performing impact/risk assessments.
• Skill to develop insights about the context of an organization's threat environment
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Desired/Preferred Skills:

• Experience with cloud technologies.

#LI-Onsite #LI-JL1

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Wintel servers that use Active Directory (AD) directory service to manage identities and relationships
• UNIX servers that are LDAP compliant
• RADIUS servers

1. Perform a credentialed scan of no more than 1500 systems.
2. Analyze scans to identify network & desktop vulnerabilities using COBIT 5 standards as a measurement;
3. Report the vulnerability immediately upon discovery of a critical vulnerability and recommend remedial steps within one (1) business day following discovery;
4. Submit a written report that:
   • Identifies vulnerability gaps
   • Recommends remedial steps required to bring the environment up to COBIT 5 standards;
5. Formally present findings to Entity Management.

• Wintel servers that use Active Directory (AD) directory service to manage identities and relationships
• UNIX servers that are LDAP compliant
• RADIUS servers

1. Perform a credentialed scan of no more than 1500 systems.
2. Analyze scans to identify network & desktop vulnerabilities using COBIT 5 standards as a measurement;
3. Report the vulnerability immediately upon discovery of a critical vulnerability and recommend remedial steps within one (1) business day following discovery;
4. Submit a written report that:
   • Identifies vulnerability gaps
   • Recommends remedial steps required to bring the environment up to COBIT 5 standards;
5. Formally present findings to Entity Management.

This job opportunity is part of an RFP process; candidates are invited to submit their resumes detailing relevant experience.

Job Title: Quality Assurance Analyst, Senior (Security and Non-Functional Testing)

Onsite Requirement : A couple of days onsite required and travel to different sites.

Job Summary: The QA Analyst, Senior will play a critical role in ensuring the performance, security, and compliance of modernized systems developed Applications Modernization Project. The QA Analyst will be responsible for planning, designing, and executing test plans that address non-functional testing areas such as load, stress, volume, security, penetration, and system performance to ensure compatibility, scalability, and compliance with client security and technical standards. This role requires hands-on experience in both manual and automated testing, with a strong focus on performance testing and compliance auditing. Familiarity with tools like Selenium, Microsoft Test Suite, and modern performance testing platforms is essential.

Key Responsibilities

• Analyze business and technical requirements to derive non-functional testing strategies.
• Develop and execute detailed performance test plans, security test scenarios, and load test cases using industry-standard tools.
• Conduct manual and automated regression testing across various environments, incorporating cross-browser and cross-device testing methodologies.
• Collaborate with developers, system architects, and the cybersecurity team to identify performance bottlenecks and security vulnerabilities.
• Perform penetration testing in alignment with client's Third-Party Information Security Requirements.
• Ensure cross-browser and device compatibility (desktop, tablet, mobile).
• Use Selenium and Microsoft Test Suite for test automation and ensure full coverage of user workflows and APIs.
• Create and maintain documentation on test execution, results, anomalies, and improvements.
• Work closely with the client QA lead and developers to incorporate testing into CI/CD pipelines and Agile workflows.
• Support integration of automated and performance test scripts into DevOps pipelines for continuous testing.
• Participate in the development of client-required security artifacts and reporting structures.
• Support certification and auditing requirements by maintaining detailed logs, evidence, and compliance documentation.

• 8+ years of experience in QA and software testing with a focus on non-functional and security testing.
• Proven experience with Microsoft Test Manager, Coded UI, or equivalent testing suites.
• Proficiency with Selenium, Microsoft Test Suite, and performance testing tools such as JMeter, LoadRunner.
• Experience in all three testing domains: Manual Testing, Automation Engineering, and Performance Testing.
• Strong understanding of modern performance testing tools (e.g., JMeter, LoadRunner) and security tools (e.g., Burp Suite, OWASP ZAP).
• Experience testing .NET-based web applications and APIs integrated with modern SQL databases.
• Familiarity with legacy systems migration and large-scale public sector modernization projects.
• ISTQB or equivalent QA certification.
• Demonstrated ability to support auditing and compliance testing, including regression, load, and performance testing aligned with certification requirements.
• Experience in government or education sector IT projects
• Familiarity with DB2 to SQL migration testing.
• Demonstrated knowledge of test automation frameworks and scripting languages.
• Understanding of client's technology environment, technical standards, and third-party security compliance frameworks is a plus.