Senior Penetration Testing Analyst

Description

This Department of War enterprise data and analytics program delivers mission-critical capabilities that enable leaders across the Department to make faster, better-informed decisions using trusted data at scale. Leidos Digital Modernization sector is seeking an experienced Senior Penetration Testing Analyst Lead to support the delivery, enhancement, and adoption of enterprise data and analytics products used across multiple DoD organizations.

In this role, you will work alongside government partners, engineers, and other industry teammates to translate operational and strategic requirements into scalable, production-ready solutions. You will contribute directly to product planning, execution, and continuous improvement-helping ensure capabilities are delivered efficiently, aligned to mission priorities, and positioned for sustained success.

This position offers the opportunity to work on a high-visibility, enterprise program at the intersection of data, analytics, and emerging AI technologies. Ideal candidates are motivated by mission impact, comfortable operating in complex stakeholder environments, and interested in building deep domain expertise while delivering capabilities with real-world national security outcomes.

Primary Responsibilities:

• Conduct penetration testing and vulnerability assessments across applications, infrastructure, and cloud environments.
• Support planning and execution of penetration testing events in coordination with Government and authorized testing organizations.
• Identify, analyze, and document vulnerabilities, misconfigurations, and security weaknesses.
• Develop detailed findings, including risk assessments and recommended remediation actions.
• Support validation of remediation efforts and closure of identified vulnerabilities.
• Assist in integrating penetration testing findings into RMF processes, including updates to SSPs, POA&Ms, and BOE artifacts.
• Support continuous monitoring activities by identifying recurring vulnerabilities and systemic risks.
• Utilize security tools (e.g., Nessus, Nmap, Burp Suite, Metasploit, or similar) to conduct testing and analysis.
• Collaborate with cybersecurity engineers, DevSecOps teams, system engineers, and ISSOs to improve system security.
• Contribute to cybersecurity reporting, dashboards, and documentation for Government stakeholders.
• Support audit and inspection activities by providing penetration testing results and supporting documentation.
• Participate in SAFe ceremonies including PI Planning, backlog refinement, sprint reviews, and retrospectives.

Basic Qualifications:

• Active Top Secret (TS) clearance with SCI eligibility.
• Bachelor's degree in Cybersecurity, Computer Science, Information Assurance, Engineering, or related technical discipline OR equivalent training/experience aligned to DoD 8140 pathways.
• At least one of the following foundational qualification pathways consistent with DoD 8140 requirements:]
  • Current DoD 8570/8140 baseline certification appropriate for Intermediate Cyber Defense Analyst roles (e.g., CySA+, GCDA, GCIH, or equivalent),
  • Offerings listed in the DoD 8140 Training Repository,
  • Demonstrated equivalent training and experience qualifying under DoD 8140 foundational qualification alternatives.
• 8-12 years of relevant experience in cybersecurity, penetration testing, or vulnerability assessment.
• Minimum of 5 years of experience in penetration testing or related cybersecurity roles.
• At least 2 years of experience in one or more of the following:
  • Incident detection and response
  • Malware analysis
  • Cyber forensics
• Proficiency with at least three of the following tools:
  • Kali Linux
  • Metasploit
  • Burp Suite
  • Cobalt Strike
  • Tenable Nessus
  • WebInspect
  • Scuba
  • AppDetective
• Proven experience in planning, coordinating, and conducting penetration tests.
• Strong understanding of penetration testing tools, techniques, and methodologies.
• Experience working with DoD or Government penetration testing organizations.
• Ability to interpret and communicate penetration test results to technical and non-technical stakeholders.
• Experience in scheduling and managing remediation actions based on penetration test findings.
• Excellent communication and interpersonal skills.

Preferred Qualifications:

• Active TS/SCI clearance.
• Advanced certifications such as OSCP, CEH, CISSP, or similar.
• Experience with the System or similar DoD data, analytics, and AI platforms.
• Familiarity with DoD cybersecurity policies, standards, and guidelines.
• Experience in a systems engineering or software development environment.
• Knowledge of cloud-based data, analytics, and AI capabilities.
• Strong problem-solving and analytical skills.
• Experience in a customer-facing role, with a focus on customer success and outreach.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares.

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

About Leidos

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits.

Securing Your Data

Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at LeidosCareersFraud@leidos.com.

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.