Penetration Tester III

As a Penetration Tester III at Revolutional, you are a senior offensive security practitioner with the range to operate across network, application, cloud, mobile, and IoT environments - and the experience to lead the engagements, not just execute them. You plan and conduct Red Team operations, High Value Asset assessments, and continuous penetration testing programs against complex federal infrastructure, and you produce findings that drive real security improvements., * Plan, lead, and execute penetration tests across network, application, cloud, mobile, and IoT environments using continuous penetration testing methodologies

• Conduct and lead Red Team engagements end-to-end: scoping, planning, execution, post-engagement analysis, and reporting
• Perform High Value Asset (HVA) assessments in accordance with CISA AES HVA assessment standards and methodologies
• Execute penetration tests against federal and commercial cloud environments, mobile device applications, and IoT devices using appropriate platform-specific methodologies
• Apply OSSTMM, OWASP, NIST, PTES, and ISSAF methodologies as appropriate to engagement type, scope, and client requirements
• Leverage a broad toolset for reconnaissance, exploitation, post-exploitation, and lateral movement to conduct comprehensive penetration tests
• Apply MITRE ATT&CK framework to map adversary TTPs, structure engagement findings, and inform defensive recommendations
• Coordinate Blue and Purple Team activities; collaborate with defensive teams to validate detection coverage and improve security posture based on test findings
• Produce clear, thorough penetration test reports with well-documented findings, risk ratings, and actionable remediation guidance for technical and executive audiences
• Manage penetration testing projects and tasks against tight deadlines; lead and mentor junior testers on engagements
• Develop and maintain standard operating procedures, test plans, and technical documentation for penetration testing operations
• Stay current on offensive techniques, adversary tradecraft, vulnerability research, and emerging attack surfaces relevant to the federal environment

Do you have a Bachelor's degree?, You bring 5 to 7+ years of hands-on penetration testing experience, deep familiarity with industry-standard methodologies, and the technical credibility to lead a team under operational pressure. You think like an adversary, work within rules of engagement, and translate what you find into clear, actionable reporting for both technical and executive audiences., * Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)

• Minimum 5 years of hands-on penetration testing experience; 7 years preferred
• Experience in a management or team lead role, managing penetration testing projects and tasks against tight deadlines
• Active Secret clearance, * Demonstrated experience with continuous penetration testing methodologies across diverse target environments
• Experience planning and conducting Red Team engagements, including scoping, rules of engagement, adversary emulation, and post-engagement reporting
• Experience conducting High Value Asset (HVA) assessments in federal environments
• Hands-on experience with IoT device penetration testing methodologies
• Experience with mobile device application penetration testing across iOS and/or Android platforms
• Experience penetration testing federal and commercial cloud environments (AWS, Azure, GCP, or GovCloud)
• Knowledge of Red, Blue, and Purple Team assessment processes and how offensive findings translate to defensive improvements
• Proficiency with MITRE ATT&CK framework applied to engagement planning, TTP mapping, and findings documentation
• Working knowledge of OSSTMM, OWASP, NIST, PTES, and ISSAF penetration testing methodologies
• Proficiency with industry-standard penetration testing toolsets for reconnaissance, exploitation, post-exploitation, and reporting, * Senior-level technical operator: you lead engagements, not just execute tasks, and your findings hold up under scrutiny
• Methodical and disciplined - you work within rules of engagement, document everything, and don't cut corners under deadline pressure
• Strong communicator: your reports are clear, risk-rated, and written for the audience, whether that's a CISO or a sysadmin
• Collaborative with defensive teams - you see Purple Team work as a force multiplier, not an afterthought

Certifications

The following certifications are required:

Group 1 - Primary (one required)

• GPEN (GIAC Penetration Tester) or GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

Group 2 - Supplemental (one required)

• GRTP, CRTL, OSCP (Offensive Security Certified Professional), CRTP, CMWAPT, CEPT, CPT, or LPT, * Both GPEN and GXPN, or additional GIAC offensive certifications (GWAPT, GMOB, GCLOUD)
• OSEP (Offensive Security Experienced Penetration Tester) or OSED (Offensive Security Exploit Developer)
• Experience conducting HVA assessments as Assessment Lead or Technical Lead under CISA AES
• Familiarity with Zero Trust Architecture from an offensive assessment perspective
• Experience with AI/ML system security testing or emerging attack surfaces
• Active TS/SCI clearance

Pulled from the full job description

• Paid parental leave
• Parental leave
• Health insurance
• 401(k) matching
• Paid time off
• Vision insurance
• 401(k) 5% Match, Here at Revolutional we are pleased to have been repeatedly recognized for our outstanding work culture, the innovative work we do, and the employees on our team who make a difference each day. Some of these recognitions include:
• Recognized as a Top 20 "Best Place to Work in Virginia"
• Recipient of Department of Labor's HireVets Gold Medallion
• Great Place to Work Certification for five years running
• A Virginia Chamber of Commerce Fantastic 50 company
• A Northern Virginia Technology Council Tech 100 company
• Inc. 5000 list of fastest growing companies for eleven years
• Two-time SBA SBIR Tibbett's Award winner
• Virginia Values Veterans (V3) Certification

We recognize that every bit of our success is the result of our teams of hard-working, motivated, and innovative professionals who are proud to call themselves part of the Revolutional family! In addition to competitive compensation, a family-focused culture, and a dynamic, productive work environment, we offer all full-time employees a variety of benefits including, but not limited to

• Traditional and HSA- eligible medical insurance plans
• 100% employer-paid dental and vision insurance options
• 100% employer-sponsored STD, LTD, and life insurance
• 5% 401(k) company matching
• Flexible-schedules and teleworking options
• Paid holidays and PTO Accrual Plans
• Paid Parental Leave
• Professional development and career growth opportunities Team and company-wide events, recognition, and appreciation
• • and so much more!

Check out our Revolutional | LinkedIn to find out a little more about who we are and if we are the right next step for your career!

Revolutional delivers advanced technology solutions and mission support to federal agencies across civilian, health, and national security environments. We apply modern capabilities, including AI/ML, cloud, cybersecurity, and IT modernization to solve complex challenges, enable faster and more secure operations, and drive measurable mission outcomes. We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy.