Emulate adversary tactics, techniques, and procedures (TTPs) to validate security controls effectiveness, develop rules of engagement, brief clients on findings and mitigation techniques

Key Responsibilities

• Perform technical security assessments of client environments which include (non-exclusive):

o Infrastructure Penetration Tests

o Vulnerability Assessments

o Web Application Tests

o Wireless Security Tests

o Social Engineering Campaigns (phishing, spearphishing, and pretexting)

o Public Cloud Hygiene Reviews

• Develop rules of engagement, and configure, tune, and operate industry standard assessment


• Coordinate, schedule, and support security testing requests

• Evaluate findings to determine applicability, saturation, and potential impact

• Analyze results and produce reports for clients

o Detailed technical reports for IT staff

o High-level summary presentations for executives

• Advise client stakeholders of findings and provide remediation guidance

• As appropriate, monitor remediation efforts of findings and communicate progress to


• As appropriate, work with client stakeholders to develop Plan of Action & Milestones (POA&M) tracker to ensure identified weaknesses are addressed in a timely and cost-effective manner

• As needed, assist in cyber incident response for clients

Desired Skills

• Expertise creating exploits for vulnerabilities or demonstrated expertise using a scripting language such as PowerShell, Python, Ruby, or Perl for penetration testing or incident response

• Expert in common vulnerability scanners, e.g. Nessus, OpenVAS, Qualys

• Expert in common penetration testing tools, e.g. Metasploit, Burp, ZAP

Experience Required

• Bachelor's degree or higher

• 3-5 years of experience in penetration testing or incident response

• One of the following active certifications: Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Offensive Security Exploitation Expert (OSEE) or one or more years' experience responding to Advanced Persistent Threat (APT) type incidents


About BW Cyber Services:

BW Cyber Services is a Veteran Owned/Veteran Friendly industry-leading cyber security consultancy providing targeted solutions to highly regulated industries. As an industry leader, our blue chip consultants understand the unique nexus between cybersecurity, operational risk, and regulatory compliance. As depicted below, BW Cyber Services offers a full spectrum of security services that include testing, assessments, compliance, education, policy, forensic and virtual Chief Information Officer outsourcing. BW Cyber Services provides extremely competitive compensation packages along with exceptional benefits (medical, 401k, vacation, etc.). We seek self-starters who are willing to learn quickly, work hard, and provide solid leadership by example. For additional information, please see our website at, follow us on or contact us at
