Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain and eradicate cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.
We are seeking a highly skilled and experienced Penetration Tester to join our team supporting the CBP SOC. This candidate will be responsible for conducting comprehensive security assessments of CBP FISMA systems with the purpose of identifying vulnerabilities and providing actionable recommendations to enhance the security posture of CBP's critical systems and networks. This role requires a deep understanding of offensive cybersecurity techniques, strong analytical capabilities, detailed report writing skills and the ability to work as part of a team.
Primary Responsibilities:
- Conduct penetration testing activities aligned with CBP and industry best practices.
- Perform internal and external web application, network, and infrastructure pentest assessments using commercial and open-source tools.
- Execute testing operations safely and in accordance with defined operational guidelines.
- Produce detailed reports outlining findings and actionable remediation recommendations.
- Partner with SOC, engineering, and security teams to validate and remediate vulnerabilities.
- Support tool development, methodology improvements, and team-wide knowledge sharing.
- Assist in verifying Bug Bounty findings and remediations
Basic Qualifications:
- Bachelors’ degree from an accredited college in a related discipline, or equivalent experience/combined education, with 3 to 5(T3)/ 5 to 8 (T4) years of professional experience; or 3 to 5 years of professional experience with a Masters’ degree.
- 3(T3) /5(T4) years in Pen Testing and Vulnerability Assessment, with specific emphasis on web application and enterprise network environments.
- 3-5 (T3) 5-8(T4) years of professional experience in incident detection and response, malware analysis, or cyber forensics.
- Must be able to work in the office in Ashburn, VA 2-5 days per week as required by the customer.
- Must have a US Citizenship to be considered for this position due to the customer clearance required.
Must have the specific experience (1-3 years for T3) or (3-5 years for T4) in at least 1 of the following specialties:
- Network pentesting
- Web application pentesting
- Active directory pentesting
- Mobile application pentesting
- Cloud infrastructure pentesting
- RF pentesting
Must have the following experience with 1-3 (T3) 3-5(T4) of the tools listed below:
- Kali Linux
- Metaspoilt
- Burp suite pro
- Cobalt Strike / Sliver
- Tenable Nessus
- Tenable Security Center
- Bloodhound
- BladeRF / HakRF
- Hak5 equipment
- Wireshark / tcpdump
- Prowler
- Scoutsuite
Core Certifications: At least one pentesting certification:
- OSCP
- GPEN
- CRTO
- OSWP
- GWAPT
- AWS Solutions Architect Associate
Clearance: In addition to specific security clearance requirements all CBP SOC employees are required to successfully complete a CBP Background Investigation to support this program
Preferred Qualifications:
- CISSP
- GISF
- GXPN
- OSCE
- OSEE
- AWS Certified Security - Specialty
- Certified Kubernetes Administrator (CKA)
- Ability to brief senior government leadership on pentesting requirements and results
- Red Team operator experience
- Experience creating and updating SOPs
- Analytical and Problem-Solving Skills
- Communication Skills
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.
Original Posting:June 10, 2026For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Skills Required
- Bachelor's degree or equivalent experience (3-5 years T3 / 5-8 years T4)
- 3-5 years (T3) or 5-8 years (T4) Pen Testing and Vulnerability Assessment experience (web application and enterprise networks)
- 3-5 (T3) / 5-8 (T4) years experience in incident detection and response, malware analysis, or cyber forensics
- Must be able to work in the office in Ashburn, VA 2-5 days per week
- Must have US Citizenship (customer clearance required)
- Experience (1-3 years for T3 or 3-5 years for T4) in at least one specialty: Network, Web Application, Active Directory, Mobile, Cloud Infrastructure, or RF pentesting
- Experience with penetration testing tools (1-3 for T3, 3-5 for T4) including: Kali Linux, Metasploit, Burp Suite Pro, Cobalt Strike/Sliver, Tenable Nessus, Tenable Security Center, BloodHound, BladeRF/HakRF, Hak5 equipment, Wireshark/tcpdump, Prowler, ScoutSuite
- Execute testing safely according to operational guidelines and produce detailed reports with actionable remediation recommendations
- At least one core pentesting certification: OSCP, GPEN, CRTO, OSWP, GWAPT, or AWS Solutions Architect Associate
- Complete CBP Background Investigation and meet customer-specific security clearance requirements
- Ability to partner with SOC, engineering, and security teams to validate and remediate vulnerabilities
- Support tool development, methodology improvements, and team knowledge sharing
- Ability to assist verifying Bug Bounty findings and remediations
- Preferred: CISSP, GISF, GXPN, OSCE, OSEE, AWS Certified Security - Specialty, Certified Kubernetes Administrator (CKA)
- Preferred: Red Team operator experience, ability to brief senior government leadership, SOP creation and updating, strong analytical and communication skills
Leidos Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Leidos and has not been reviewed or approved by Leidos.
-
Healthcare Strength — Healthcare coverage is described as comprehensive, with multiple plan options, low office-visit copays in some plans, and access to mental health and wellness support tools. The availability of HSA/FSA options and employer contributions is positioned as a meaningful part of the total package.
-
Retirement Support — Retirement benefits are framed as a strong component of total rewards, highlighted by a 401(k) match and immediate vesting in the standard package. The Employee Stock Purchase Plan is also presented as an additional long-term wealth-building feature.
-
Wellbeing & Lifestyle Benefits — Wellbeing and lifestyle supports extend beyond core insurance, including wellness programs, fitness-related stipends, and assistance resources. Work flexibility and related perks are also included as part of the broader rewards experience.
Leidos Insights
What We Do
We Are Leidos For 50 years we have been tackling some of the biggest problems that face our nation and our world. OUR MISSION Through our culture of innovation and history of performance, we develop deep customer trust built on integrity and create enduring solutions that improve our world. Leidos is a science and technology solutions leader working to address some of the world’s toughest challenges in the defense, intelligence, homeland security, civil, and healthcare markets. The company’s 43,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Va., Leidos reported annual revenues of approximately $11.09 billion for the fiscal year ended January 3, 2020. Leidos was cited for the meaningful work employees perform that is challenging, impactful, and aligned with our customers’ missions as reasons professionals want to work and stay at our company. Leidos has also been named to lists including Forbes’ Best Employers for Diversity, Forbes’ America’s Best Employers for Women, Military Times Best for Vets Employers, and Ethisphere Institute’s World's Most Ethical Companies®. Employees enjoy career enrichment opportunities available through mobility and development and experience rewarding relationships with supportive supervisors and talented colleagues and customers. Employees appreciate our flexible work environment, allowing for and encouraging a true work-life balance. Our professionals are also excited about our Employee Resource Groups, like the newly launched Collaborative Outreach with Remote and Embedded Employees (CORE), which strives to create an environment where every employee, regardless of location, feels fully engaged as a valued employee of Leidos. Your most important work is ahead.
