Ashburn Consulting, LLC is seeking a Senior Systems Security Specialist to perform internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths, and other related tasks.Conduct internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths.Perform red team engagements simulating real-world adversary tactics, techniques, and procedures (TTPs) aligned with MITRE ATT&CK.Execute vulnerability assessments and validate remediation efforts through retesting and technical verification. Develop comprehensive penetration testing reports, including executive summaries, risk ratings, proof-of-concept evidence, and actionable remediation guidance.Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways.Conduct secure configuration reviews of operating systems, network infrastructure, cloud platforms, and identity systems.Evaluate application security through dynamic and manual testing techniques, including authentication, session management, input validation, and access control testing. Review source code for security weaknesses and secure coding gaps, particularly in C/C, Python, Java, or similar languages.Develop and maintain custom scripts or tooling to automate testing activities and enhance offensive security capabilities.Support incident response activities by recreating attack chains, validating compromise scenarios, and identifying root causes. Assess Zero Trust implementations, micro-segmentation strategies, and identity-based security controls for effectiveness.Conduct phishing simulations and social engineering exercises to evaluate user awareness and organizational resilience. Provide technical briefings to executive leadership and technical stakeholders regarding risk posture and remediation prioritization.Collaborate with engineering, DevOps, and infrastructure teams to remediate identified vulnerabilities and strengthen security architecture.Contribute to the development of security policies, testing methodologies, and enterprise security standards.Support compliance efforts by mapping testing results to NIST, OWASP, CIS, or other applicable security frameworks.Participate in continuous improvement of penetration testing methodologies, tools, and adversary emulation strategies.Adhere to all security, change control, and MHBE Project Management Office (PMO) policies, processes, and methodologies.Note: The candidate must be flexible to work overtime, on-site/off-site, as needed, including weekends, holidays, and off-hours.
