Penetration Tester, Lead

Lead Penetration Tester

woodcons.com

Location: Annapolis Junction, Maryland

Job Type: Full-Time

Shift: Days

Telework: None

Salary Range: **$140,000 to $200,000

*** Starting salary is based on minimum education and years of experience and increases based on education and/or experience.

At WOOD Federal Solutions, we defend and transform mission-critical systems for the nation’s most trusted customers. We’re seeking a Lead Penetration Tester to join a high-performing agile team leveraging the Scaled Agile Framework (SAFe) to secure large, complex enterprise programs.

As part of our cyber excellence group, you will lead penetration testing efforts across diverse environments — identifying vulnerabilities, strengthening defenses, and shaping the next generation of proactive cyber resilience. This role blends hands-on testing, strategic risk analysis, and technical leadership in support of secure architectures, continuous modernization, and mission assurance.

If you thrive on uncovering weaknesses before adversaries do — and enjoy translating technical insight into actionable defense strategies — you’ll find your impact amplified here.

Application Process: Interested candidates should submit their resume detailing their qualifications and experience.

Security Clearance Requirements:

This position requires all candidates to be U.S. Citizens and possess an active TS/SCI Security Clearance with a Polygraph.

** Last poly must be within last 6 years - No CCA's.

• Conduct internal and external penetration tests on enterprise systems, applications, and networks to identify vulnerabilities and develop mitigation strategies.

• Perform web application, physical, and social engineering assessments to evaluate system resilience and human factors.

• Design, develop, and implement secure system architectures that meet stringent DoD and IC cybersecurity standards.

• Propose, assess, and enforce security policies, standards, and best practices across enterprise environments.

• Lead risk assessments, vulnerability scanning, and remediation planning for complex network infrastructures and software systems.

• Analyze and interpret security events to identify potential threats and recommend countermeasures.

• Serve as a Subject Matter Expert (SME) in security architecture — advising program managers, customer technical leads, and internal development teams.

• Collaborate closely with system engineering, test, and integration teams to embed cybersecurity principles throughout the software development lifecycle.

• Evaluate the impact of new development efforts on the operational security posture and recommend appropriate security controls.

• Produce and present technical reports, vulnerability assessments, and executive briefings to stakeholders.

Basic Qualifications

• Extensive hands-on experience performing IT security risk assessments and penetration testing across enterprise networks and applications.

• Proficiency with penetration testing tools, including Burp Suite, WebInspect, AppDetective, and Kali Linux.

• Practical experience in web development and programming languages such as Java, XML, Perl, and HTML.

• Strong scripting and automation skills in Python, PowerShell, C, or JavaScript.

• Experience analyzing vulnerabilities discovered through automated scanning tools and developing effective remediation strategies.

• Familiarity with IPS/IDS solutions, network defense technologies, and secure configurations for desktop and server operating systems.

• Solid understanding of the Cyber Kill Chain methodology and the Risk Management Framework (RMF).

• Proven ability to collaborate with cross-functional technical teams and communicate complex security concepts to both engineers and non-technical stakeholders.

• Demonstrated success managing multiple projects in dynamic, mission-critical environments.

Preferred Qualifications

• Bachelor’s degree in a technical or information assurance field with 12+ years of relevant experience.
• One or more of the following industry certifications strongly preferred:
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • Certified Web Application Defender (GWEB)
  • Certified Information Systems Security Professional (CISSP)
• Experience developing and implementing integrated security management processes, such as network penetration testing, antivirus strategy, risk analysis, and incident response.
• Background providing information assurance support for application development — including firewall design, secure coding evaluations, and system certification support.
• Familiarity with Agile or SAFe development environments, continuous integration pipelines, and DevSecOps principles.

Why Join Us?

At WOOD, we believe in AI-enabled innovation, human-centered leadership, and mission excellence. Here, your work directly impacts national security, and your ideas shape the future of technology in government. We offer competitive compensation, professional development opportunities, and a culture built on trust, learning, and purpose.

Fringe Benefits:

• Health Insurance: Comprehensive medical, dental, and vision plans.
• Retirement Plan: 401(k) with company match.
• Paid Time Off: Generous PTO policy including vacation, sick leave, and holidays.
• Professional Development: Opportunities for training, certifications, and career advancement.
• Work-Life Balance: Flexible work schedules and remote work options.
• Wellness Programs: Employee assistance programs, wellness initiatives, and gym membership discounts.