Zero Trust Team Lead at Core4ce
Remote, Oregon, USA
Full Time


Start Date

Immediate

Expiry Date

04 Dec, 25

Salary

0.0

Posted On

04 Sep, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Red Teaming, Python, GPEN, Vulnerability, Segmentation, Automation, Integration, Security Tools, Metasploit, Burp Suite, Penetration Testing, OSCP, Access Control, Nmap, Kali Linux, PowerShell, GWAPT, Ruby

Industry

Information Technology/IT

Description

Information Technology -> Cyber
Remote

ID: 922-383

Full-Time/Regular
As a Zero-Trust Offensive Security Lead, you will be at the forefront of validating and stress-testing the “never trust, always verify” security model across our customers’ networks, systems, and applications. Your role is critical in proving the resilience of Zero-Trust architectures against advanced threats, ensuring that every user, device, and service is continuously authenticated, authorized, and monitored.
You will serve as the technical lead for penetration testing and threat emulation engagements — supervising your assessment team, interfacing directly with customers, and guiding them in strengthening least privilege, micro-segmentation, and continuous verification controls. Primary work will support the Department of Defense (Navy), with additional opportunities to lead commercial sector engagements.
This is more than a penetration testing role—it’s about challenging the assumptions of trust in modern architectures and proving the effectiveness of Zero-Trust implementations in the most demanding environments. You won’t just find vulnerabilities; you’ll help organizations architect and validate security with the assumption of compromise at its core.

Key Responsibilities

  • Lead and execute offensive security operations designed to validate Zero-Trust principles across internal, external, cloud, and hybrid environments.
  • Simulate advanced adversary tactics to identify weaknesses in identity management, segmentation, and trust boundaries.
  • Perform vulnerability analysis, exploitation, and custom test development to challenge authentication, authorization, and monitoring controls.
  • Design and conduct scenario-based penetration tests and Purple Team exercises to measure detection and prevention capabilities against MITRE ATT&CK-mapped threats.
  • Deliver detailed reports and executive briefings, prioritizing remediation strategies that advance the customer’s Zero-Trust maturity.
  • Collaborate with SOC and IR teams to ensure findings feed into continuous monitoring and adaptive policy enforcement.
  • Perform reverse engineering or malware analysis to develop defensive measures tailored to endpoint and network trust validation requirements.

Required Qualifications

  • Active DoD Top Secret clearance.
  • Bachelor’s degree in a related field or 10+ years of relevant IT or cybersecurity experience.
  • 7+ years of direct experience in penetration testing, red teaming, and vulnerability assessments.
  • Proven expertise applying Zero-Trust security concepts in offensive security engagements.
  • Scripting skills in Python, Ruby, Lua/NSE, and PowerShell for automation and custom testing.
  • Experience developing Rules of Engagement, policies, and operational plans aligned with Zero-Trust governance.
  • Familiarity with SOC/IR workflows and integration into continuous verification processes.
  • Active DoD 8570 IAT Level II or greater, plus one or more of the following: OSCP, OSCE, OSWA, OSWE, GPEN, GXPN, GWAPT.
  • Deep knowledge of vulnerabilities, attack vectors, and mitigations, especially those impacting identity, access control, and segmentation in Zero-Trust designs.
  • Proficiency with offensive security tools such as Nmap, Kali Linux, Metasploit, Cobalt Strike, and Burp Suite.

Preferred Qualifications

  • Experience in Red and Purple Team testing methodologies.
  • Familiarity with MITRE ATT&CK and D3FEND frameworks.
  • Experience emulating APT campaigns to test Zero-Trust enforcement.

