We are seeking a mid-to-senior level penetration tester to support an upcoming engagement. This role requires a hands-on operator who can contribute both remotely and onsite as part of a collaborative team.

The assessment scope focuses on enterprise infrastructure, with an emphasis on Windows/Active Directory environments, along with Linux systems and network-layer testing.

Location: Remote + Onsite in Richland, Washington.
Onsite Requirement: 1 week in June + 1 week in July
Clearance: Not required (Secret preferred)
Responsibilities

• Perform hands-on penetration testing across Windows, Active Directory, Linux, and network environments
• Identify, exploit, and document vulnerabilities in enterprise infrastructure
• Conduct Active Directory attack path analysis (privilege escalation, lateral movement, persistence)
• Collaborate with team members during testing operations and deconflict activities as needed
• Provide clear, actionable documentation of findings, including risk and remediation guidance
• Support remote testing activities leading up to onsite engagements
• Participate in onsite testing  during scheduled engagement weeks

Required Qualifications

• 5 years of experience in penetration testing, red teaming, or offensive security
• Strong hands-on experience with:
  • Windows and Active Directory exploitation
  • Linux systems
  • Network penetration testing
• Proficiency with common offensive security tools and frameworks (e.g., C2 frameworks, AD enumeration tools, exploitation toolkits)
• Ability to work independently and as part of a team in a fast-paced environment
• Strong written and verbal communication skills.
• Experience with Vulnerability Research and Reverse Engineering
  Experience with Exploit Development, Fault Injection, and Embedded Systems
  Tools: IDA Pro, Radare, Ghidra, Binary Ninja, OllyDdg, Lautherbach, jtagulator, Segger J-Link

Preferred Qualifications

• Industry certifications such as:
  • OSCP
  • OSEP
  • CRTO
  • GPEN
• Prior experience supporting federal or national laboratory environments
• Active Secret clearance (nice to have, not required)

Engagement Details

• Start: Immediate (remote support)
• Onsite Travel: Required for two separate one-week engagements (June and July)
• Hours: Part-time, flexible (aligned to project milestones)

What We’re Looking For

• A hands-on operator, not just a tool runner
• Someone comfortable working in Active Directory-heavy environments
• A team player who can integrate quickly and contribute effectively