Penetration Testing - SME
Location: Remote / Hybrid / Travel as Required
Security Requirement:
Must be eligible to obtain and maintain an HHS Tier 4 High Risk Public Trust.
Position Summary
EnDyna is seeking a highly experienced Penetration Testing Subject Matter Expert (SME) to provide technical leadership supporting the HHS Office of Inspector General Cyber Assessment Team.
The SME will lead complex penetration testing engagements, provide technical consulting to Federal auditors, develop testing methodologies, mentor penetration testers, deliver cybersecurity training, and serve as a trusted advisor to Government leadership.
Primary Responsibilities
Technical Leadership
- Lead penetration testing engagements
- Develop attack strategies
- Review Rules of Engagement
- Provide technical oversight
- Review testing methodologies
- Ensure technical quality
- Mentor penetration testers
- Validate technical findings
Advanced Penetration Testing
Lead and perform:
- Red Team operations
- Advanced exploitation
- Cloud security testing
- AI security testing
- Active Directory attacks
- Wireless testing
- Mobile security
- Web application assessments
- Social engineering assessments
- Container security testing
- Internal network assessments
- External network assessments
Technical Consulting
Serve as cybersecurity advisor to OIG auditors by:
- Providing technical guidance
- Supporting complex audits
- Evaluating security architectures
- Reviewing vulnerability data
- Advising on remediation strategies
- Supporting Cyber Range activities
Reporting
Lead development of:
- Executive briefings
- OARS findings
- Penetration test reports
- Conclusions memoranda
- Attack confirmation lists
- Risk analyses
- Technical recommendations
Training
Develop and deliver:
- 4–5 day penetration testing courses
- Hands-on laboratories
- Live exploit demonstrations
- Capstone exercises
- Instructor coaching
- Training materials
- Student guides
- Presentation slides
Technical Expertise
Demonstrated expertise in:
- Offensive Security
- Threat emulation
- Adversary tactics
- Cloud security
- Active Directory
- Application security
- Network security
- Secure development
- Risk management
- Federal cybersecurity
Minimum Qualifications
- Bachelor's degree
- Master's preferred
- 10+ years of penetration testing experience
- 5+ years leading technical teams
- Experience supporting Federal agencies
- Extensive report writing experience
- Strong presentation skills
Highly Desired Certifications
One or more advanced certifications:
- OSCE3
- OSEP
- OSEE
- GXPN
- GPEN
- CISSP
- GREM
- CRTO
- CARTP
- CARTC
Preferred Experience
Experience with:
- HHS
- OIG
- DHS
- Federal Inspector General organizations
- NIST SP 800-115
- Federal auditing
- Cyber Range environments
- Offensive security consulting