Ground every answer in facts on this page and the original listing. We never invent Glassdoor-style reviews or salaries that are not in our data.
Public-domain labor data — prepare examples for 2–3 of these.
Website: generaldynamicsinformationtechnology.com
Public cache only — not an employee review.
General Dynamics Information Technology is hiring a Penetration Tester for a full-time remote position securing critical U.S. judicial infrastructure. This role tests federal software systems before production to ensure resilience against advanced cyber threats. Role Overview The Case Management Modernization (CMM) Program for the U.S. Courts needs security validation of Node.js and React applications running on AWS microservices. Your penetration assessments will confirm that systems meet NIST 800-53 federal controls and Authority-to-Operate (ATO) requirements. As part of the Agile DevSecOps organization, you'll identify vulnerabilities, guide developers on remediation, and build authoritative security evidence for federal sign-off. Day-to-Day Responsibilities Conduct web, API, cloud, and microservices penetration testing on AWS infrastructure (IAM, S3, Lambda, API Gateway, ECS/EKS, networking) Execute static analysis, dynamic testing, and manual code review for security weaknesses Perform privilege escalation research, lateral movement testing, and attack path discovery Confirm NIST 800-53 controls are properly deployed across security families (AC, AU, IA, SC, SI, CM) Assess container and Kubernetes security, plus CI/CD pipeline integrity Support Plan of Action and Milestones (POA&M), Security Assessment Reports, and ATO packages Provide developers with detailed remediation guidance and verify fixes through retesting Leverage Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto, and custom Python or JavaScript scripts Document exploitation techniques, calculate risk scores using federal frameworks, and present findings to technical and non-technical stakeholders Participate in threat modeling sessions, architecture security reviews, and authorization readiness assessments Qualifications 8+ years conducting penetration tests, performing application security assessments, or professional ethical hacking work Proven ability testing web applications, REST APIs, microservices, and cloud platforms Expert-level knowledge of AWS security including IAM policies, VPC design, S3 access control, Lambda hardening, and CloudWatch/CloudTrail monitoring Mastery of NIST 800-53, Risk Management Framework (RMF), FedRAMP, and federal Authority-to-Operate processes Technical depth with Node.js, React, and microservices-based system architectures Working familiarity with SIEM and observability platforms such as Datadog, ELK Stack, Grafana, or CloudWatch Clear communication skills in writing and presentation for technical teams and federal stakeholders Preferred certifications: OSCP, OSWE, GWAPT, GPEN, or AWS Security Specialty Bachelor's degree in a related field or documented equivalent professional experience About the Company…
Generated for personal interview prep · 2026-07-15 UTC · getajob.ai