Print / Save PDF Back to job

Penetration Tester

General Dynamics Information Technology · United States

How to use this kit

Ground every answer in facts on this page and the original listing. We never invent Glassdoor-style reviews or salaries that are not in our data.

Occupation tasks (O*NET)

Public-domain labor data — prepare examples for 2–3 of these.

O*NET source

Company facts (cached)

Website: generaldynamicsinformationtechnology.com

Public cache only — not an employee review.

Role overview (listing rewrite)

General Dynamics Information Technology is hiring a Penetration Tester for a full-time remote position securing critical U.S. judicial infrastructure. This role tests federal software systems before production to ensure resilience against advanced cyber threats. Role Overview The Case Management Modernization (CMM) Program for the U.S. Courts needs security validation of Node.js and React applications running on AWS microservices. Your penetration assessments will confirm that systems meet NIST 800-53 federal controls and Authority-to-Operate (ATO) requirements. As part of the Agile DevSecOps organization, you'll identify vulnerabilities, guide developers on remediation, and build authoritative security evidence for federal sign-off. Day-to-Day Responsibilities Conduct web, API, cloud, and microservices penetration testing on AWS infrastructure (IAM, S3, Lambda, API Gateway, ECS/EKS, networking) Execute static analysis, dynamic testing, and manual code review for security weaknesses Perform privilege escalation research, lateral movement testing, and attack path discovery Confirm NIST 800-53 controls are properly deployed across security families (AC, AU, IA, SC, SI, CM) Assess container and Kubernetes security, plus CI/CD pipeline integrity Support Plan of Action and Milestones (POA&M), Security Assessment Reports, and ATO packages Provide developers with detailed remediation guidance and verify fixes through retesting Leverage Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Nikto, and custom Python or JavaScript scripts Document exploitation techniques, calculate risk scores using federal frameworks, and present findings to technical and non-technical stakeholders Participate in threat modeling sessions, architecture security reviews, and authorization readiness assessments Qualifications 8+ years conducting penetration tests, performing application security assessments, or professional ethical hacking work Proven ability testing web applications, REST APIs, microservices, and cloud platforms Expert-level knowledge of AWS security including IAM policies, VPC design, S3 access control, Lambda hardening, and CloudWatch/CloudTrail monitoring Mastery of NIST 800-53, Risk Management Framework (RMF), FedRAMP, and federal Authority-to-Operate processes Technical depth with Node.js, React, and microservices-based system architectures Working familiarity with SIEM and observability platforms such as Datadog, ELK Stack, Grafana, or CloudWatch Clear communication skills in writing and presentation for technical teams and federal stakeholders Preferred certifications: OSCP, OSWE, GWAPT, GPEN, or AWS Security Specialty Bachelor's degree in a related field or documented equivalent professional experience About the Company…

Full job on Get A Job.AI

Questions to ask them

Generated for personal interview prep · 2026-07-15 UTC · getajob.ai