Position Overview We are seeking a highly skilled Penetration Tester to join our cybersecurity team serving our client in Camp Spring, MD. The ideal candidate will have extensive hands-on experience performing penetration tests and ethical hacking across Amazon Web Services (AWS), Microsoft Azure, and On-Premise environments. This role requires expertise in identifying vulnerabilities, exploiting them, and providing actionable recommendations to strengthen security postures. Note: This hybrid role requires the candidate to be on the client site at least one day per week, preferably on Tuesdays. Key Responsibilities Conduct comprehensive penetration tests on AWS, Azure, and on-premise systems, including networks, applications, APIs, and infrastructure. Perform reconnaissance, vulnerability scanning, exploitation, privilege escalation, and post-exploitation tasks. Collaborate with cross-functional teams to assess and validate security vulnerabilities. Develop, customize, and execute advanced attack scenarios tailored to client environments. Provide detailed reports, including an executive summary, technical findings, risk assessments, and actionable recommendations. Stay up-to-date with emerging threats, vulnerabilities, and trends in cybersecurity. Assist in building and enhancing penetration testing tools and methodologies. Deliver technical presentations and debriefs to stakeholders, translating complex findings into understandable terms. Ensure compliance with industry standards and frameworks like OWASP, NIST, and MITRE ATT&CK. Required Qualifications Security Clearance: Ability to obtain a Secret Clearance. Certifications: OSCP, OSCE, OSEE, OSWE, CRTO, GCPN, GPEN, AWS Certified Security - Specialty, or Microsoft Certified: Azure Security Engineer Associate are highly preferred. Experience: A minimum of 5 years of proven penetration testing and ethical hacking experience. Hands-on experience in penetration testing across AWS, Azure, and On-Premise environments. Strong understanding of APIs, DevOps pipelines, CI/CD systems, and secure cloud infrastructure. Technical Skills: Proficiency in penetration testing tools (e.g., Burp Suite Pro, Metasploit Framework, Kali Linux, Cloudsploit, Prowler, Scoutsuite, Pacu, CloudCheckr, AWS CLI, and Kali CLI, Tenable, and others). Advanced scripting and coding skills in Python, PowerShell, or Bash. Familiarity with web application vulnerabilities, OWASP Top 10, and secure coding practices. Expertise in API security testing and cloud-native vulnerabilities. Experience with Active Directory and enterprise network penetration testing. Education: Bachelor's degree in Cybersecurity, Software Development, Database Management, or related fields. Equivalent work experience may be considered in lieu of a degree. Preferred Qualifications Master's degree in Cybersecurity or a related field. Experience performing red teaming and adversary emulation exercises. Knowledge of compliance frameworks such as FISMA and NIST 800 Series. Demonstrated ability to write custom exploits and tools. Personal Attributes Strong problem-solving and analytical skills. Excellent communication skills, with the ability to convey technical findings to non-technical audiences. High attention to detail and a commitment to delivering quality results. Self-motivated and able to work independently or as part of a team. Compensation: At Graham Technologies, we believe in treating everyone with fairness and respect. Our compensation package is designed to ensure fair pay for work, reflecting our commitment to integrity. Many IT companies offer similar services, but what truly sets us apart is our people We care deeply about our employees and consistently show our appreciation-not just for the final outcomes, but also for the effort and dedication shown every step of the way. Additionally, our generous benefits package supports our team members in living fulfilling and prosperous lives. Here are just a few highlights of what we offer: Four Weeks of Accrued PTO in the First Year Ten Paid Federal Holidays Comprehensive Health, Dental, Vision, and Life Insurance 401(k) Plan with Annual Employer Contributions Flexible Schedules Reimbursements for Continued Education and Training Why Graham Technologies? Our core values define who we are: Value our Customers Care about our Employees Passionate about Innovation Believe in a Strong Work Ethic Rely on Teamwork Integrity Matters Founded in 2007, GTech is a consulting services firm passionate about delivering tailored solutions that meet our clients' needs and maximize the value of their investments. We achieve this by providing top-notch professionals across the IT industry. Our team embodies integrity, commitment, and reliability, which are at the heart of everything we do. We are also dedicated to fostering a culture of support for our employees-the lifeblood of our business. At Graham Technologies, we've built a family-oriented environment where team members are encouraged to maintain a healthy work-life balance, pursue their passions, and grow professionally through flexible schedules, continued education, and a strong sense of community.