Hiring - Penetration Testing Lead

Hi Greetings from BizTech Fusion! BizTechFusion, LLC (BTF) is executing a full-scope cybersecurity penetration testing engagement for our clients. The internal network spans a /16 network across 40,000+ devices at 50+ locations and administrative facilities. External scope is a /24 network with 1 domain. Engagement is black-box external / grey-box internal hybrid, with full exploitation authorized including privilege escalation, lateral movement, and data access. This is an aggressive, enterprise-grade engagement not a compliance scan. Position Title: Penetration Testing Lead Location: Remote (US Region, Eastern Time) Duration: 12 Month Contract with possible renewal Tax: W2, 1099 Note: US-based personnel mandatory

Job Description

Responsibilities

• Lead all phases of internal and external network penetration testing
• Conduct black-box external assessment against the /24 network and 1 domain
• Execute grey-box internal assessment across the /16 network (~40,000 devices)
• Perform wireless penetration testing across 6 SSIDs at ~50 sites, including 4 on-site visits
• Evaluate the Fortinet firewall configuration and rule set
• Execute full exploitation chain: reconnaissance, initial access, privilege escalation, lateral movement, data exfiltration simulation
• Follow written Rules of Engagement approved by NNPS Executive Director of Technology before testing begins
• Produce technical findings report with CVSS-scored vulnerabilities, exploitation evidence (screenshots, tool output), and prioritized remediation guidance
• Participate in debrief session with NNPS IT leadership
• Provide post-delivery consultation for remediation questions during the 30-day follow-on window

Required Qualifications

• OSCP (Offensive Security Certified Professional) strongly preferred; CEH or GPEN acceptable
• Minimum 5 years of hands-on penetration testing experience
• Demonstrated experience with large internal network engagements (10,000+ devices)
• Proficiency with: Metasploit, Cobalt Strike or equivalent C2 framework, BloodHound/SharpHound, Nmap, Nessus or OpenVAS, Responder, Impacket
• Wireless pen testing experience (WPA2-Enterprise, captive portal bypass, evil twin attacks)
• Experience writing professional technical findings reports suitable for both executive and technical audiences
• US-based; must be able to travel to Newport News, VA for on-site wireless testing visits

Preferred Qualifications

• Experience testing K-12 or public sector networks
• GPEN, GXPN, or OSEP certification
• Familiarity with NIST SP 800-53 Rev 5 reporting framework
• Experience with Active Directory attack paths in large domain environments

Apply tot his job Apply To this Job