We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
ANALYGENCE jobs

Penetration Tester

ANALYGENCE
United States, Texas, San Antonio
3515 South General (Show on map)
Feb 24, 2026

The Air Combat Command's 67th Cyberspace Wing (67 CW), 346th Test Squadron (346TS) plans, executes, and contributes as both an operational and participating test organization in a full array of operational tests of various cyber weapons in coordination with the 318 Range Squadron (318RANS) who provides instrumented cyber range services, through both physical hardware and virtual systems.

In support of this mission, Tharros has an immediate opportunity for aPenetration Tester who specializes in testing software systems - web apps, applications and databases, for security weaknesses before they can be exploited. In this role you will be responsible for performing security audits, risk assessments and analyses with adherence to DISA STIGs, NIST, and industry best practices; duties to include vulnerability and compliance inspections to include, but not limited to scanning the network to identify active devices, fingerprint applications, operating systems and databases, identifying vulnerabilities, analyzing the results, manually verifying findings to eliminate false positives or negatives, capturing artifacts such as screen captures, etc., to provide evidence for each exploitable vulnerability, etc. Candidate must also be able to adequately "tell the story"of how the vulnerability was exploited and what the overall impact would be to particular hosts or networks.

Duties:


  • Conduct vulnerability, compliance and in-depth penetration testing, on AF/DoD systems (i.e., Microsoft Windows and UNIX based platforms), Database Management Systems (DBMS) schemas (e.g., MS SQL Server, Oracle, PostgreSQL, MySQL (Maria DB), Mongo DB, Sybase, IBM DB2, SQLite, FireBird, and Informix), Web servers (e.g. Ngix, Apache HTTP Server, JBoss, LiteSpeed, Microsoft IIS, and Caddy), and Application Servers (e.g. Apache Tomcat, Nod.js, Lighttpd, Eclipse Jetty, etc.) in support of Cooperative Vulnerability and Penetration Assessments (CVPA).
  • Analyze and reverse engineer Web application code to discern weaknesses for exploit development, document and transition results in reports, presentations and technical exchanges.
  • Possess strong understanding of UNIX/Linux fundamentals along with familiarity of the UNIX/Linux/Windows CLI.
  • Demonstrated ability to methodically analyze problems and identify potential solutions.
  • Ability to adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit.
  • Analyze and evaluate DBMS schemas and current or proposed configurations to discern cybersecurity weaknesses for exploitation such as SQL injection, misconfigurations, and weak access controls; formulate recommendations for enhancing web and database internal and external security; document and transition results in reports, presentations, and technical exchanges.
  • Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
  • Craft recommendations for customer to prevent/mitigate attempted breaches of database security and database security weaknesses.
  • Render guidance on formulating security policies, procedures, along with tactics, techniques and procedures to enhance data and database protections.
  • Possess good writing and communications skills, with attention to detail and desire to deliver a quality product; additionally, an ability to render concise reports, summaries, and formal oral presentations.
  • Demonstrate an ability to methodically analyze problems, identify solutions and remain composed in potentially stressful situations.
  • Adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability.
  • Exhibit good writing and communications skills, to include the ability to render concise reports, summaries, and formal oral presentations.
  • Understand and be proficient in common cyber threat terminology, methodologies, possess basicunderstanding of cyber incident and response, and related current events.
  • Travel up to 25% supporting customer assessments ranging from 1-4 weeks, with the majority being 1-2 weeks in duration.
  • Current Top Secret clearance with SCI eligibility.
  • Bachelor's degree in a related field and a minimum of 8-12 years of experience providing related penetration testing services.
  • IAT Level III certification required(CASP, CISSP+, CISA, etc.).
  • Must be able to support travel up to 25% (1-3 weeks in duration).
  • Must possess a CSSP-Auditor (C|EH, CySA, CISA, GSNA) certification within 6 months.
  • Must obtain a Microsoft and UNIX/Linux certification within 6 months.
  • Must possess a database certification (e.g., MS SQL Server, OCP, CMDBA, MSDBA, etc.) within 6 months upon arrival on-site.
  • Database administrator experience (MS SQL Server, Oracle, PostgreSQL, etc.).
  • Ability to employ various capabilities such as SQLMap, Nmap, Hydra, Metasploit, and Burp Suite, to identify cybersecurity vulnerabilities in DBMS.
  • Strong knowledge of common infrastructure technologies and platforms such as: SQL, MS SQL, Oracle, MySQL, etc OSPF, BGP, TACACS, RADIUS, SNMP, etc.
  • Experience performing code review of the following: Java, JavaScript, C++, C#, Python, Perl, Regular Expressions, etc.
  • Hands on experience with web applications and database penetration testing.
  • Expert knowledge of cyber security risks related to Web applications, Web services, Web browsers, databases, and client/server architectures.
  • Experience with application security tools like: HTTP and TCP proxies, fuzzers, scanners, debuggers, simulators, etc.
  • Experience crafting custom application exploits or scripting exploits in Python, Perl, Javascript, Shell scripting, etc.
  • Solid understanding of encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture.
  • Work experience with developing proof-of-concept exploit examples to use within reports or live demonstrations.
  • Must complete skills assessment lab prior to hire.
  • Self-motivated with minimal supervision.


Preferred Requirements:


  • Analytical with the ability to understand and implement customer objectives
  • Familiarity with NIST, RMF, DISA STIGs and experience in conducting DoD vulnerability and compliance assessments
  • Experience or familiarity with military operations highly desirable
Applied = 0
MORE JOBS LIKE THIS

(web-54bd5f4dd9-d2dbq)