Lead Penetration Tester – U.S. Public Sector Opportunity
Budget: $1000.0 (FIXED)
United States
penetration-testing, cyber-risk-management, information-security, assessments-and-testing, network-security, mid-100-999-employees, network-pentesting, webapp-pentesting
We are pursuing a potential U.S. public sector cybersecurity opportunity in Michigan and have been invited to a client interview. The client has requested to meet the actual team members who would support the project if awarded.
For this opportunity, we are looking to add an experienced Lead Penetration Tester / Offensive Security Lead to our proposed delivery team. The selected individual will join our company team for the virtual Microsoft Teams interview, represent the penetration testing role, and support project delivery if the contract is awarded.
This is a client-facing role. We need someone who is technically strong, professional, and able to clearly explain their experience, methodology, safe testing practices, tools, reporting approach, and how they would support a public-sector penetration testing engagement.
OPPORTUNITY OVERVIEW
The opportunity involves comprehensive penetration testing services for a U.S. public sector environment. The scope includes:
Web application penetration testing
External network penetration testing
Internal network penetration testing
Wireless penetration testing
Active Directory permissions/security review
Controlled exploitation and manual validation
Executive and technical reporting
Optional social media security assessment
RESPONSIBILITIES FOR THIS ROLE
Join our internal preparation call before the client interview.
Attend the virtual Microsoft Teams interview with our company team.
Introduce yourself as part of the proposed delivery team and explain your role in the engagement.
Discuss relevant experience in web, network, internal, wireless, Active Directory, and/or social media security assessments.
Explain your testing methodology clearly and practically.
Speak to safe testing practices, Rules of Engagement, data handling, stop-test procedures, controlled exploitation, and how to avoid disruption in a public-sector environment.
Support project delivery activities if the opportunity is awarded.
Work under our project manager, engagement governance, confidentiality requirements, reporting standards, and quality review process.
REQUIRED QUALIFICATIONS
7+ years of hands-on penetration testing or offensive security experience.
Strong experience in at least three of the following areas: web application testing, external network testing, internal network testing, wireless testing, Active Directory assessment, assumed-breach testing, or social engineering/social media security assessment.
Strong experience with manual validation, controlled exploitation, risk documentation, and remediation guidance.
Ability to explain technical risks in business terms for public-sector stakeholders.
Experience supporting government, county, municipal, education, healthcare, justice, or other regulated environments is strongly preferred.
Strong communication skills and comfort speaking in a formal client interview.
PREFERRED TOOLS AND SKILLS
Nmap, Masscan, Nessus/Tenable, Metasploit, Burp Suite, OWASP ZAP, CrackMapExec/NetExec, BloodHound, SharpHound, Responder, Impacket, Hashcat, John the Ripper, Wireshark, Aircrack-ng, Kismet, PowerView, PowerShell, Python, Kali Linux, Windows, Active Directory, VPN/MFA testing, wireless testing, API testing, CMS/WordPress testing, and segmentation testing.
PREFERRED CERTIFICATIONS
OSCP, OSCE, OSEP, GPEN, GXPN, PNPT, CISSP, GWAPT, CRTO, CPTS, or equivalent offensive security certifications.