Cybersecurity Pen Tester Engineer - Senior

ECS is seeking a Cybersecurity Pen Tester Engineer - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, you will support Task 3 — Cybersecurity Operations Support by leading penetration testing and adversarial assessments of networks, systems, applications, and enclaves across the ARNG enterprise. You will develop test plans, rules of engagement, and exploitation methodologies; execute manual and automated testing; validate remediation through retesting; and produce technical reporting that informs risk decisions, mitigation planning, and overall cybersecurity posture. This position works closely with ENOCS cybersecurity operations, engineering, compliance, incident response, and RMF personnel to strengthen Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.

This role directly supports a mission environment that delivers DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The Cybersecurity Pen Tester Engineer - Senior contributes to protection of both classified and unclassified network environments that enable ARNG Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The position operates within a technical ecosystem that includes coordination with the NETCOM Global Cyber Center and DISA DCDC, and interfaces with enterprise cyber operations built around USIEM, EDR, IDS/IPS, eMASS, ACAS, STIG-aligned compliance activities, and DCO-focused monitoring and response processes.

Please Note: This position is contingent upon contract award.

• Lead penetration testing and adversarial assessments of ARNG networks, systems, applications, and enclaves to evaluate enterprise security posture and identify exploitable weaknesses.
• Develop detailed test plans, rules of engagement, and exploitation methodologies aligned to DoD and ARNG cybersecurity policy, operational constraints, and RMF requirements.
• Execute advanced manual and automated exploitation activities against classified and unclassified environments, documenting attack paths, technical impacts, and risk implications.
• Validate remediation effectiveness through structured retesting and provide clear technical feedback to system owners, engineers, and cybersecurity operations personnel.
• Produce comprehensive technical reports and executive summaries that prioritize findings by risk, clearly describe vulnerabilities, and recommend practical mitigation strategies.
• Coordinate assessment activities with Task 3 cybersecurity operations teams to support DCO-IDM objectives across the DoDIN-Army-NG area of responsibility.
• Support cybersecurity reporting and risk decisions by aligning assessment results with eMASS documentation, POA&M development, and ongoing RMF compliance activities.
• Collaborate with SOC and monitoring teams that leverage USIEM, EDR, and IDS/IPS analytics to inform threat-informed testing, identify defensive gaps, and strengthen enterprise detections.
• Engage with stakeholders operating in coordination with the NETCOM Global Cyber Center and DISA DCDC to ensure testing activities support 24/7/365 cybersecurity engineering, operations, and vulnerability management objectives.

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 631-Information Systems Security Developer — Intermediate proficiency; must hold ONE OR MORE of the following: SecurityX / CASP+, CCSP, Cloud+, CSC, GCLD, GCSA, GSEC

Experience: 7+ years of experience in cybersecurity

Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Demonstrated experience conducting penetration testing or adversarial assessments of enterprise networks, systems, applications, or enclaves.
• Demonstrated ability to develop rules of engagement, test plans, exploitation methodologies, and retest procedures for remediation validation.
• Experience producing technical assessment reports and executive-level summaries that clearly communicate findings, risk priorities, and mitigation recommendations.
• Experience assessing security posture in support of RMF-aligned environments, including documentation of findings for risk tracking and corrective action.
• Ability to coordinate effectively with cybersecurity operations, engineering, compliance, and incident response stakeholders in a large enterprise environment.
• Experience supporting vulnerability assessment activities within DoD or similarly regulated environments with STIG-aligned compliance expectations.
• Ability to evaluate both classified and unclassified environments while maintaining disciplined documentation and operational controls.