Hybrid/Local Penetration Tester (15+) with offensive security, VPN/firewalls/routers/switches/IDS/IPS, Windows/Linux/Unix, Nmap/Nessus/Metasploit/Burp Suite, BloodHound/NetExec/PingCastel, NIST/OWASP/MITRE ATT&CK, and Active Directory experience

Job ID: NC-701519 (912090424)

Hybrid/Local Penetration Tester (15+) with offensive security, VPN/firewalls/routers/switches/IDS/IPS, Windows/Linux/Unix, Nmap/Nessus/Metasploit/Burp Suite, BloodHound/NetExec/PingCastel, NIST/OWASP/MITRE ATT&CK, and Active Directory experience

Location: Raleigh, NC (NCDHHS – Privacy and Security Office)
Duration: 11 Months

Skills:
Minimum 7–10 years of hands-on experience in penetration testing or offensive security    Required    7     Years
Demonstrated expertise in network and infrastructure security testing   Required    7     Years
Strong understanding of: o TCP/IP, DNS, DHCP, VPN, firewalls, IDS/IPS o Windows and Linux system internals o Active Directory attack paths and defen  Required    8     Years
Advanced proficiency with penetration testing tools such as: o Nmap, Nessus, Metasploit, Burp Suite o BloodHound, NetExec,PingCastel Analysis tools   Required    7     Years
Experience producing standard penetration testing reports   Required    7     Years
Familiarity with security frameworks and standards, including: o NIST SP 800-53, 800-115, 800-61 o MITRE ATT&CK o OWASP Testing Guide     Required    7     Years
Experience working within regulated or high-security environments Required    7     Years
Strong understanding of legal, ethical, and compliance requirements for penetration testing     Required    5     Years

Description:
Seeking a Senior Penetration Tester to conduct authorized network & infrastructure penetration testing to identify, validate, & demonstrate security weaknesses.

The Senior Penetration Testing Contractor will:
Plan and execute internal and external penetration tests for network and infrastructure environments
Perform vulnerability identification, validation, and controlled exploitation
Assess security posture across:
Network devices (firewalls, routers, switches)
On-premise servers and operating systems (Windows, Linux, Unix)
Active Directory and identity infrastructure
Remote access solutions and VPNs
Cloud environments (where applicable)
Simulate advanced threat actor techniques including:
Privilege escalation
Lateral movement
Credential compromise
Persistence mechanisms
Evaluate security configurations and control effectiveness
Conduct testing in accordance with approved Rules of Engagement
Prepare and deliver formal penetration testing reports suitable for executive, audit, and technical audiences
Support remediation validation and follow-up testing as required

NC-RTR-701519.docx

NC-701519-SM.docx