Penetration Test Lead

Penetration Testing Lead
Falls Church, Virginia.
Full-time.

Important Notice: This position is contingent upon contract award.

Summary:
Penetration Test Leads plan and execute complex offensive security assessments identifying exploitable vulnerabilities before adversaries can. This role leads penetration testing engagements, develops testing methodologies, coordinates with system owners, and produces comprehensive penetration testing reports. Pen Test Leads possess advanced offensive security skills and ensure testing is conducted safely without impacting production operations.

Key Responsibilities:

• Plan and scope 15-30 penetration testing engagements annually.
• Execute network penetration tests identifying exploitable vulnerabilities.
• Conduct web application security assessments (OWASP Top 10).
• Perform social engineering tests (phishing, vishing, physical security)
• Lead 2-4 major red team exercises annually.
• Identify 100-300 exploitable vulnerabilities annually.
• Document 10-40 critical/high severity findings requiring immediate remediation.
• Produce 15-30 comprehensive penetration test reports annually.
• Conduct 50-150 vulnerability revalidation tests verifying fixes.

Performance Metrics:

• Annual Assessments: 15-30 penetration tests.
• Systems Tested: 30-80 systems assessed annually.
• Vulnerabilities Found: 100-300 exploitable issues identified.
• Critical Findings: 10-40 requiring immediate action.
• Assessment Reports: 15-30 comprehensive deliverables.
• Red Team Exercises: 2-4 major exercises annually.
• Remediation Validation: 50-150 retests annually.

Requirements:

• Clearance: Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS) based on network assignment.
• Education: Bachelor's Degree in Information Technology, Cybersecurity, Computer Science, or related field.
• Experience: 10+ years information security; 5+ years penetration testing experience
• Certifications: OSCP or GPEN required; OSCE, GXPN, GWAPT, or other offensive security certifications highly desired
• Technical Knowledge: Expert knowledge of penetration testing methodologies (PTES, OWASP, NIST 800-115), network protocols, web applications, exploitation techniques, security controls

About Advana:
Advana is the Department of Defense Chief Digital and Artificial Intelligence Office's (CDAO) enterprise-wide data, analytics, and AI platform. Advana provides DoD military and civilian decision makers with unprecedented access to enterprise data, tools, and capabilities in a secure environment. The platform hosts hundreds of curated applications across logistics, financial management, personnel, health, and other domains, accelerating decision advantage through accessible, actionable data and AI capabilities.

This position supports comprehensive cybersecurity operations for the Advana platform across three classified networks (NIPR, SIPR, JWICS).

Important Notes:

Position Status:

• This position is contingent upon contract award.
• Start date will be determined upon contract award.
• We will maintain contact with selected candidates throughout the award process.

Work Requirements:

• U.S. Citizen required.
• Clearance varies by network: Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS).
• On-premises work required at Suffolk Building, Falls Church, VA.
• No remote work options available.
• Standard business hours with operational flexibility.

Benefits:

• 4 Weeks Paid Time Off.
• All Federal Holiday’s Paid Vacation.
• Four Percent Matching 401K.
• Full health/vision/dental benefits for the employee and family paid 100% by ZTI Solutions, LLC.

We thank all applicants for their interest. Only candidates selected for interviews will be contacted.

About ZTI Solutions, LLC:

ZTI Solutions, LLC was founded in 1997 in Virginia and is classified as a small business. The company is owned and operated by its founder, Rudy Zadnik, who emphasizes moral and business excellence over increasing company profits. This results in a more customer-oriented attitude towards mission accomplishment, as opposed to growing profits or sales.Our approach to consulting and engineering centers around using only highly skilled personnel who are seasoned industry veterans. All employees hold high-level industry and vendor certifications. We offer a comprehensive set of consulting and staff augmentation services, primarily focused on networking and security consulting in the classified space.