Cybersecurity Penetration Tester

• A minimum of 10 years of progressive experience in cybersecurity
• 5 years performing penetration testing or red team engagements.
• 5 years conducting network penetration testing, web application and API testing, internal and external vulnerability assessments and threat modeling and attack path analysis
• 5 years developing and delivering formal penetration test reports, including executive summaries and technical remediation guidance.
• 5 years supporting incident response investigations and validation testing.
• 5 years with common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Nessus, etc.)
• Strong knowledge of Secure coding practices, Application security testing (SAST/DAST concepts), Network architecture and segmentation and Identity and access management concepts
• 5 years of demonstrated scripting or development ability in at least one language (e.g., Python, C/C++, PowerShell, Bash).
• 5 years of working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK and OWASP Top 10
• 5 years of experience mapping findings to security control frameworks.
• At least one recognized offensive security certification (e.g., OSCP, GPEN, GXPN, CEH, or major experience can substitute for certification).
• Demonstrated ability to communicate technical findings to executive and non-technical audiences, and provide actionable remediation recommendations.
• Demonstrated experience working in highly regulated environments.

Preferred Skills

• A minimum 8 years of experience in Advanced Offensive Security:

• Experience leading red team engagements.
• Experience performing adversary emulation exercises.
• Experience conducting phishing and social engineering simulations.
• Experience performing purple team exercises

• 5 years of experience in Zero Trust & Architecture:

• Experience designing or assessing Zero Trust implementations.
• Experience evaluating micro-segmentation strategies and identity-centric controls.

• 5 years of experience in Cloud & Modern Infrastructure:

• Experience performing security assessments in AWS or Azure environments, Containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments
• Experience testing CI/CD pipelines.

• 10 years of experience in Software Development Depth:

• Strong low-level development knowledge (kernel, assembly, embedded systems) that supports advanced exploit analysis.
• Experience reviewing source code in JAVA or other compiled languages for vulnerabilities.

• Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments

Early leverages Generative AI to accelerate development, enhance code quality, and speed up time-to-market. Early's AI-Agent for test code generates automated, comprehensive, cost-effective working tests, catching bugs early, expanding code coverage, and improving overall quality.