Hiring - Penetration Testing Lead
Posted Today by BizTech Fusion
Negotiable
Undetermined
Remote
Remote
Summary: The Penetration Testing Lead at BizTech Fusion will oversee comprehensive cybersecurity penetration testing engagements, focusing on both internal and external networks. This role involves leading assessments across a large network of devices and producing detailed technical reports. The position requires significant experience in penetration testing and the ability to conduct various types of assessments, including wireless testing. The role is remote, with a contract duration of 12 months and potential for renewal.
Key Responsibilities:
- Lead all phases of internal and external network penetration testing
- Conduct black-box external assessment against the /24 network and 1 domain
- Execute grey-box internal assessment across the /16 network (~40,000 devices)
- Perform wireless penetration testing across 6 SSIDs at ~50 sites, including 4 on-site visits
- Evaluate the Fortinet firewall configuration and rule set
- Execute full exploitation chain: reconnaissance, initial access, privilege escalation, lateral movement, data exfiltration simulation
- Follow written Rules of Engagement approved by NNPS Executive Director of Technology before testing begins
- Produce technical findings report with CVSS-scored vulnerabilities, exploitation evidence (screenshots, tool output), and prioritized remediation guidance
- Participate in debrief session with NNPS IT leadership
- Provide post-delivery consultation for remediation questions during the 30-day follow-on window
Key Skills:
- OSCP (Offensive Security Certified Professional) strongly preferred; CEH or GPEN acceptable
- Minimum 5 years of hands-on penetration testing experience
- Demonstrated experience with large internal network engagements (10,000+ devices)
- Proficiency with: Metasploit, Cobalt Strike or equivalent C2 framework, BloodHound/SharpHound, Nmap, Nessus or OpenVAS, Responder, Impacket
- Wireless pen testing experience (WPA2-Enterprise, captive portal bypass, evil twin attacks)
- Experience writing professional technical findings reports suitable for both executive and technical audiences
- US-based; must be able to travel to Newport News, VA for on-site wireless testing visits
Salary (Rate): £60
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Hi
Greetings from BizTech Fusion!
BizTechFusion, LLC (BTF) is executing a full-scope cybersecurity penetration testing engagement for our clients. The internal network spans a /16 network across 40,000+ devices at 50+ locations and administrative facilities. External scope is a /24 network with 1 domain. Engagement is black-box external / grey-box internal hybrid, with full exploitation authorized including privilege escalation, lateral movement, and data access. This is an aggressive, enterprise-grade engagement not a compliance scan.
Position Title: Penetration Testing Lead
Location: Remote (US Region, Eastern Time)
Duration: 12 Month Contract with possible renewal
Tax: W2, 1099
Note: US-based personnel mandatory
Job Description
Responsibilities
- Lead all phases of internal and external network penetration testing
- Conduct black-box external assessment against the /24 network and 1 domain
- Execute grey-box internal assessment across the /16 network (~40,000 devices)
- Perform wireless penetration testing across 6 SSIDs at ~50 sites, including 4 on-site visits
- Evaluate the Fortinet firewall configuration and rule set
- Execute full exploitation chain: reconnaissance, initial access, privilege escalation, lateral movement, data exfiltration simulation
- Follow written Rules of Engagement approved by NNPS Executive Director of Technology before testing begins
- Produce technical findings report with CVSS-scored vulnerabilities, exploitation evidence (screenshots, tool output), and prioritized remediation guidance
- Participate in debrief session with NNPS IT leadership
- Provide post-delivery consultation for remediation questions during the 30-day follow-on window
Required Qualifications
- OSCP (Offensive Security Certified Professional) strongly preferred; CEH or GPEN acceptable
- Minimum 5 years of hands-on penetration testing experience
- Demonstrated experience with large internal network engagements (10,000+ devices)
- Proficiency with: Metasploit, Cobalt Strike or equivalent C2 framework, BloodHound/SharpHound, Nmap, Nessus or OpenVAS, Responder, Impacket
- Wireless pen testing experience (WPA2-Enterprise, captive portal bypass, evil twin attacks)
- Experience writing professional technical findings reports suitable for both executive and technical audiences
- US-based; must be able to travel to Newport News, VA for on-site wireless testing visits
Preferred Qualifications
- Experience testing K-12 or public sector networks
- GPEN, GXPN, or OSEP certification
- Familiarity with NIST SP 800-53 Rev 5 reporting framework
- Experience with Active Directory attack paths in large domain environments