Penetration Tester (Red Team Operator)
Arlington, VA
NC05-001P-10 /
Top Secret /
Remote
At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
phia is seeking a Penetration Tester (Red Team Operator) to independently conduct advanced security assessments. This will be a unique opportunity to conduct assessments across the federal government, state and local governments, as well as critical infrastructure and private companies. Although contingent upon contract award, we are actively engaging with strong candidates now. Remote with engagement based travel.
What You'll Do
- Perform independent vulnerability and penetration testing assessments, following established methodologies and rules of engagement.
- Identify and analyze critical security vulnerabilities that could be exploited to compromise client systems and information.
- Assess system and network configurations to detect deviations from accepted security standards and policies.
- Execute red team operations simulating real-world adversary tactics, techniques, and procedures (TTPs), focusing on advanced threats.
- Collaborate with senior leadership to align red team engagements with broader security strategies.
- Integrate threat intelligence into red team activities to ensure engagements reflect realistic, current attack patterns.
- Work closely with blue teams and incident response teams to improve organizational defenses based on red team findings.
- Prepare detailed reports outlining vulnerabilities and providing actionable, risk-based recommendations for remediation.
- Develop, customize, and maintain tools to enhance red team capabilities.
- Stay updated on emerging attack vectors, vulnerabilities, and security technologies to inform assessments.
Education + Requirements
- A minimum of 3 years of experience in offensive security or red teaming, with proven ability to work independently.
- Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
- Strong experience conducting red team operations and adversary emulation independently.
- Expertise in vulnerability assessments, focusing on advanced application security and cloud environments.
- Proficient in ethical hacking techniques, code reviews, and security auditing.
- Expert-level knowledge of key security tools and scripting languages (e.g., Kali Linux, Metasploit, Cobalt Strike, PowerShell, Python).
- Experience working with cloud platforms (AWS, Azure, GCP) and containerization technologies.
- Familiarity with the MITRE ATT&CK framework for structuring red team engagements.
- Strong understanding of government and industry compliance frameworks (e.g., NIST, FISMA, HIPAA).
- Proven ability to manage red team engagements and ensure projects are completed on time with minimal oversight.
- Strong communication skills to present technical findings to both technical and non-technical audiences.
- Experience in military, Intelligence Community, or Law Enforcement is highly valued.
- Must be able to obtain and maintain necessary security clearances.
Security Clearance
- U.S. Citizenship required.
- Top Secret clearance required with SCI eligibility.
- DHS Suitability (EOD) required before start.
Required Certifications
- OSCP, OSCE, GPEN, GXPN, or equivalent required.
- Additional certifications such as CRTO, CREST, or cloud security certifications (e.g., AWS Certified Security) are desirable.
#LI-LC1
Who You Are
A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
Intellectually curious with a genuine desire to learn and advance your career.
An effective communicator, both verbally and in writing.
Customer service-oriented and mission-focused.
Critical thinker with excellent problem-solving skills
If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
Who We Are
phia, LLC is a Northern Virginia-based, small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia values work-life balance and offers the following benefits to full-time employees:
Comprehensive medical insurance to include dental and vision
Short Term & Long-Term Disability
401k Retirement Savings Plan with Company Match
Tuition and Professional Development Assistance Flex Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.