We are seeking a highly qualified IT Penetration Testing Engineer / Security Technician to support a New York State government security assessment. This role will perform external Black Box and internal Grey Box penetration testing across on‑premises, cloud, hybrid, and wireless environments.
This is a government‑supported engagement, and candidates must meet all mandatory experience, certification, and location requirements listed below. Only candidates whose resumes clearly demonstrate all required qualifications will be considered.
Work Location & Eligibility (MANDATORY)
• ✅ Remote role
• ✅ All work must be performed from within the Contiguous United States (CONUS)
• ✅ Candidate must currently reside in the United States
• ✅ Must be legally authorized to work in the U.S.
• ❌ Work from outside CONUS is not permitted
• ❌ NY residency is not required
• ❌ U.S. citizenship is not explicitly required
Data access, storage, and testing activities may not occur outside CONUS.
Key Responsibilities
Penetration Testing
• Perform External Black Box penetration testing of internet‑facing systems
• Perform Internal Grey Box penetration testing of enterprise networks
• Conduct testing across:
  • On‑premises infrastructure (servers, routers, switches, firewalls, web applications)
  • Cloud and hybrid environments (Azure, AWS, and/or GCP)
  • Wireless environments (preferred)
• Follow defined Rules of Engagement
• Immediately escalate critical or catastrophic vulnerabilities
Tools & Techniques
Hands‑on use of industry‑standard penetration testing tools, including:
• Metasploit
• Nmap
• Wireshark
• Nessus
• Burp Suite
• Aircrack‑ng
• John the Ripper
(Experience must reflect actual penetration testing usage—not tool familiarity only.)
Reporting & Documentation
• Produce audit‑ready penetration testing documentation, including:
  • Detailed findings
  • Proof‑of‑concept evidence (screenshots, steps taken)
  • Risk ratings
  • Remediation recommendations
• Contribute to:
  • Detailed Findings Report
  • Executive Summary
  • Executive‑level presentation (virtual or onsite if requested)
MANDATORY Qualifications (Pass/Fail)
Your resume must explicitly demonstrate the following:
Experience
• Minimum 2 years of hands‑on penetration testing experience
• Explicit experience with:
  • Black Box penetration testing
  • Grey Box penetration testing
• Experience testing:
  • Enterprise on‑prem environments
  • Cloud or hybrid environments (must name Azure, AWS, or GCP)
Certifications (At Least One – Active)
One or more of the following:
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• GIAC Penetration Tester (GPEN)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
Expired or “in‑progress” certifications are not accepted.
Security & Compliance Requirements
• Must adhere to New York State IT & cybersecurity policies, including:
  • Acceptable Use of Artificial Intelligence Technologies
  • Vulnerability Management
  • Secure Coding standards
• Must follow responsible disclosure practices
• No unauthorized exploitation or unsafe testing methods
• No use of generative AI tools involving client data
Preferred (Not Required)
• Experience supporting:
  • Government clients
  • Regulated industries (insurance, finance, healthcare)
• Familiarity with:
  • NIST
  • CIS Controls
  • ISO security frameworks
• Experience contributing to executive‑level security briefings
Job Type: Contract
Application Question(s):
• How much is your expected rate per hour?
• Do you have at least 2 years of hands‑on penetration testing experience (not general security testing), and is this experience clearly documented on your resume?
• Do you have explicit professional experience performing BOTH Black Box and Grey Box penetration testing?
• Have you conducted penetration testing in enterprise environments that include both on‑premises infrastructure AND cloud or hybrid environments (Azure, AWS, or GCP)?
• Do you have hands‑on penetration testing experience using Metasploit, Nmap, Nessus, and Burp Suite?
• Do you currently hold at least ONE active security certification such as CEH, OSCP, GPEN, CISSP, or CISA?
• Do you have experience producing formal, audit‑ready penetration testing reports, including findings, remediation recommendations, and executive summaries?
• Have you previously supported government clients or regulated industries (finance, insurance, healthcare)?
• Do you have professional experience performing wireless penetration testing?
Work Location: Remote