Job ID: NC-701519 (912090312)
Hybrid/Local Penetration Tester with Network, security, TCP/IP/DNS/DHCP/VPN/firewalls/routers/switches/IDS/IPS, Windows/Linux/Unix, Nmap/Nessus/Metasploit/Burp Suite, BloodHound/NetExec/PingCastle Analysis, NIST, MITRE ATT&CK, OWASP and Active Directory experience
Location: Raleigh NC (NCDHHS – Privacy and Security Office)
Duration: 12 Months
Position: 1 (2)
Skills:
Minimum 7–10 years of hands-on experience in penetration testing or offensive security (Required, 7 Years)
Demonstrated expertise in network and infrastructure security testing (Required, 7 Years)
Strong understanding of (Required, 8 Years):
  o TCP/IP, DNS, DHCP, VPN, firewalls, IDS/IPS
  o Windows and Linux system internals
  o Active Directory attack paths and defen
Advanced proficiency with penetration testing tools such as (Required, 7 Years):
  o Nmap, Nessus, Metasploit, Burp Suite
  o BloodHound, NetExec, PingCastle Analysis tools
Experience producing standard penetration testing reports (Required, 7 Years)
Familiarity with security frameworks and standards, including (Required, 7 Years):
  o NIST SP 800-53, 800-115, 800-61
  o MITRE ATT&CK
  o OWASP Testing Guide
Experience working within regulated or high-security environments (Required, 7 Years)
Strong understanding of legal, ethical, and compliance requirements for penetration testing (Required, 5 Years)
Job Description:
The Senior Penetration Testing Contractor will:
Plan and execute internal and external penetration tests for network and infrastructure environments
Perform vulnerability identification, validation, and controlled exploitation
Assess security posture across:
  o Network devices (firewalls, routers, switches)
  o On-premise servers and operating systems (Windows, Linux, Unix)
  o Active Directory and identity infrastructure
  o Remote access solutions and VPNs
  o Cloud environments (where applicable)
Simulate advanced threat actor techniques including:
  o Privilege escalation
  o Lateral movement
  o Credential compromise
  o Persistence mechanisms
Evaluate security configurations and control effectiveness
Conduct testing in accordance with approved Rules of Engagement
Prepare and deliver formal penetration testing reports suitable for executive, audit, and technical audiences
Support remediation validation and follow-up testing as required
