Red Team/Penetration Tester

Arlington, Virginia, United States

Applications have closed
phia LLC logo
phia LLC

Posted 1 month ago

phia LLC is reviewing resumes of Red Team/Penetration Testers to join our team of qualified, diverse individuals. In this mid-level role, you will be conducting assessments across federal, state, and local government agencies. While the duration of assessments can vary based on the number and types of services requested, typical assessments will be 14-90 days in duration. We have the ability to consider both 1099 and W-2 employees for this position.

This work is in support of the Department of Homeland Security's (DHS) Vulnerability Management (VM) Division/ National Cybersecurity Assessments and Technical Services (NCATS) program providing vulnerability assessments, development of assessment methodologies, and technical program advisement.


  • Conduct vulnerability/pentesting assessments using approved tools, following approved methodology, scope, and rules of engagement.
  • Identify security vulnerabilities that could allow an attacker to compromise client information or systems.
  • Perform and assist with assessments of systems and networks within the enterprise, identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
  • Measure effectiveness of defense-in-depth architecture against known vulnerabilities and attack techniques.
  • Conduct and/or support authorized penetration testing on enterprise network assets with a focus on application security.
  • Follow procedures for penetration testing assessment for servers, endpoints, network appliances, and applications.
  • Perform application security assessments of key business services and provide written reports on the security posture of those systems.
  • Collaborate with senior team members and assessed organizations to identify and defend against common attack vectors.
  • Assist in the preparation of audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.


Key Experience

  • 3-5 years of hands-on work experience is preferred.
  • Bachelor’s degree in a technical specialty such as Cybersecurity, Computer Science, Management Information Systems, or related area of study is preferred.
  • Red Team experience or exposure is strongly desired.
  • Diverse experience in cybersecurity vulnerability assessments with a focus on application security assessments is expected.
  • Ethical hacking experience, including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews is expected.
  • Working knowledge of various operating systems, tools, and scripting languages such as *NIX, Windows, Kali Linux, Cobalt Strike, Metasploit, Nmap, Nessus, EyeWitness, WireShark, PowerShell, Python, etc.
  • Military, Intelligence Community, or Law Enforcement experience is a plus.
  • Ability to understand and follow Plans of Action and Milestones (POA&Ms) for vulnerability remediation.

Certification Requirements

  • At least one of the following industry certifications is required: OSCP, OSCE, GPEN, GXPN or equivalent.

Who You Are

  • A proactive problem solver that appreciates the challenges of working in a fast paced, dynamic environment.
  • You have the ability and desire to learn and advance your career.
  • Innate leadership skills with the ability to mentor and train junior staff members.
  • An effective communicator, both verbally and in writing. You are comfortable interacting with individuals at all levels of an organization.


  • Up to 50%; one week from local lab environment within Northern Virginia and one week at assessment organization onsite (typically CONUS).

Telework Eligibility

  • N/A

Security Requirements

  • This position will require U.S. citizenship and an active Secret clearance; DHS EOD eligibility will be required. Candidates must have the ability to obtain a Top Secret clearance (or higher) if required.


phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time (W-2) employees:

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)
  • Monthly Payroll
Job tags: Architecture Auditing Clearance Cobalt Strike Compliance Ethical hacking GPEN GXPN Incident response Kali Linux Metasploit Military Nessus Nmap OSCE OSCP Penetration testing Pentesting PowerShell Python Red team Security assessments Strategy Top Secret Top Secret Clearance Vulnerabilities Vulnerability management Windows
Job region(s): North America
Job stats:  12  0  0

More Information Security position highlights