Shieldsurge is currently recruiting for the following open position:

Position: Penetration Testing Engineer for U.S. Federal Government Agency’s Red Team

Location: Washington, DC (on-site). Candidate must reside in or be willing to relocate to D.C./Maryland/Virginia metro area.

How to apply: To apply, exploit the vulnerable machine located at:

Job Description:

Shieldsurge Consulting is hiring a Penetration Testing Engineer to work on a red team at a U.S. Federal Government Agency. The Penetration Testing Engineer will work on a team of penetration testers supporting a federal client’s enterprise penetration testing program to regularly probe the client’s IT infrastructure for exploitable vulnerabilities. Everything is in scope: workstations, servers, the client’s 50+ major applications, network devices, wireless access points, telecoms/VOIP, mobile devices, and electronic physical access controls.

The penetration testing team tests all facets of the client’s network enterprise. The team creates custom exploits to find and demonstrate weaknesses in the client’s in-house applications, creates customized malware payloads designed to evade antivirus and other security monitoring tools in order to identify coverage gaps and improve security controls, and conducts spear phishing exercises to test the SOC’s incident response effectiveness and user security awareness. The penetration team also participates in CTF competitions at the various security conferences in the region.

In addition to adversary simulation activities, the penetration team also assists the security engineering team with optimally configuring the client’s enterprise security tools, and assists the SOC team with forensic analysis during high priority security events.

The ideal candidate will be proficient in vulnerability discovery and performing actual exploitation of both Windows and Linux systems. Familiarity with APT-style tactics such as performing post-exploitation reconnaissance and covert data exfiltration is also desirable.


  • Support federal client’s enterprise penetration testing program to test all facets of client’s IT infrastructure for exploitable weaknesses on a continuous basis.
  • Conduct system-specific penetration tests in support of A&A cycles.
  • Conduct regular spear phishing campaigns using weaponized payloads (Cobalt Strike Beacons) to measure and improve SOC’s incident response effectiveness and test users’ security awareness.
  • Conduct Purple Team adversary simulation exercises to help SOC staff practice recognizing and responding to APT-style TTPs, such as encrypted C2 communication, anti-virus evasion, and covert channel data exfiltration.
  • Compete as part of a team in various regional CTF competitions (BSides, ShmooCon, etc.)
  • Operate enterprise-grade and open-source penetration testing software, including:
    • Cobalt Strike
    • BloodHound AD
    • PowerShell Empire
    • Kali Linux tool suite
    • Other tools as applicable
  • Develop custom proof of concept exploit code/scripts to illustrate exploitable vulnerabilities.
  • Effectively interface with federal management and system owners to facilitate the successful planning and execution of regular penetration tests on the client’s 50+ major applications.
  • Assist with configuring security tools in support of cyber hunt capabilities.
  • Learn from other specialist security engineers to be able to assist with advanced incident response activities.

Required Skills:

  • Hands-on-keyboard penetration testing experience. (Running nmap and Nessus scans doesn’t count – must have experience actually exploiting target assets/popping shells, even if only in a lab environment.)
  • Proficiency with common open-source penetration testing tools such as the Kali Linux tool suite, i.e. Metasploit Framework, SQLmap, PowerShell Empire.
  • Understanding of common exploitation techniques such as SQL injection, XSS, pass-the-hash, etc.
  • Ability to craft custom exploits to provide proof of concept vulnerability validation.
  • Proficient scripting skills in Python, PowerShell, and/or Bash.
  • In-depth knowledge of common enterprise operating systems: Windows, Linux/Unix.
  • Ability to work well in a team environment.
  • Exceptional critical thinking and analytical skills – candidate must have the ability to fully learn and understand security measures and devise creative mechanisms to defeat them.
  • Ability to calculate and assess risk based on threats, vulnerabilities, and mitigating factors.
  • Self-starter with ability to work with little supervision.

Desired Skills:

  • OSCP certification (either obtained or in-progress).
  • Familiarity with non-Windows operating systems, i.e. Cisco IOS, Mac OSX, Android, Apple iOS, IBM Z/OS.
  • Familiarity with NIST SP 800-53 controls.
  • Bachelor’s degree or higher in Information Technology-related field.

Clearance Requirements:

Public Trust or the ability to obtain and maintain a Public Trust clearance. (Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Accordingly, U.S. Citizenship is required.)

How to apply: To apply, exploit the vulnerable machine located at:

Posted on: July 2, 2020