← Back to all jobs
G

Penetration Tester

General Dynamics Information Technology

6h ago

0$123k - $167kOtherRemote, USjobspy_indeed
remoteindeed

Job Description

Clearance Level None Category Cyber and IT Risk Management Location Remote, Working from the USA Key Skills For Success Automated Testing AWS Cloud Computing Infrastructure Penetration Testing Security Controls Security Testing ##### **REQ\#:****RQ223925** ##### **Public Trust:****Other** ##### **Requisition Type:****Regular** ##### **Your Impact** Own your opportunity to work alongside federal civilian agencies. Make an impact by providing services that help the government ensure the well being and support of U.S. citizens. **Job Description** ------------------- The Penetration Tester supports the Case Management Modernization (CMM) Program for the Administrative Office of the U.S. Courts (AO) by conducting security, penetration, and vulnerability assessments required prior to Application ATO (Authority to Operate). This role ensures that CMM applications—built using React, NodeJS, AWS cloud services, and microservices—meet federal security standards and demonstrate resilience against real‑world cyber threats. Working within Agile DevSecOps teams, the Penetration Tester performs hands‑on exploitation, validates security controls, identifies weaknesses, and collaborates with engineering teams to remediate findings. This role is critical to ensure that CMM systems comply with NIST 800‑53, RMF, and AO security requirements before production authorization. **Key Responsibilities:** * Perform application, API, and cloud penetration tests on CMM systems prior to ATO submission. * Conduct web, mobile, API, and microservices security testing using industry‑standard tools and manual exploitation techniques. * Execute AWS cloud penetration testing within approved boundaries (IAM, S3, Lambda, API Gateway, ECS/EKS, networking). * Perform static and dynamic analysis, including code review for security vulnerabilities. * Conduct credentialed and uncredentialed scans, privilege escalation testing, and lateral movement analysis. * Validate implementation of NIST 800‑53 controls, including AC, AU, IA, SC, SI, and CM families. * Support RMF Step 3 (Security Assessment) activities and provide evidence for ATO packages. * Identify vulnerabilities across application layers, cloud infrastructure, and CI/CD pipelines. * Work with developers, cloud engineers, and DevSecOps teams to validate fixes and retest vulnerabilities. * Provide detailed remediation guidance aligned with secure coding and cloud security best practices. * Track findings in Jira or equivalent tools and ensure closure prior to ATO milestones. * Prepare Security Assessment Reports (SAR), penetration test summaries, and risk findings for AO stakeholders. * Document exploitation steps, proof‑of‑concepts, and risk severity aligned with federal scoring methodologies. * Contribute to System Security Plans (SSP), POA\&Ms, and ATO evidence packages. * Support pre‑ATO readiness reviews, including control validation and security walkthroughs. * Participate in tabletop exercises,