Benefits:

Health insurance
Paid time off
Training & development

Matrix Systems and Technology is seeking a Systems Security Specialist to perform internal and external penetration testing of networks, web applications, API's, and cloud environments to identify security vulnerabilities and exploit paths, and other related tasks.

Duties/ Responsibilities:

Conduct internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths.
Perform red team engagements simulating real-world adversary tactics, techniques, and procedures (TTPs) aligned with MITRE ATT&CK.
Execute vulnerability assessments and validate remediation efforts through retesting and technical verification.
Develop comprehensive penetration testing reports, including executive summaries, risk ratings, proof-of-concept evidence, and actionable remediation guidance.
Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways.
Conduct secure configuration reviews of operating systems, network infrastructure, cloud platforms, and identity systems.
Evaluate application security through dynamic and manual testing techniques, including authentication, session management, input validation, and access control testing.
Review source code for security weaknesses and secure coding gaps, particularly in C/C++, Python, Java, or similar languages. Develop and maintain custom scripts or tooling to automate testing activities and enhance offensive security capabilities.
Support incident response activities by recreating attack chains, validating compromise scenarios, and identifying root causes. Assess Zero Trust implementations, micro-segmentation strategies, and identity-based security controls for effectiveness.
Conduct phishing simulations and social engineering exercises to evaluate user awareness and organizational resilience.
Provide technical briefings to executive leadership and technical stakeholders regarding risk posture and remediation prioritization.
Collaborate with engineering, DevOps, and infrastructure teams to remediate identified vulnerabilities and strengthen security architecture.
Contribute to the development of security policies, testing methodologies, and enterprise security standards.
Support compliance efforts by mapping testing results to NIST, OWASP, CIS, or other applicable security frameworks.
Participate in continuous improvement of penetration testing methodologies, tools, and adversary emulation strategies.
Adhere to all security, change control, and Project Management Office (PMO) policies, processes, and methodologies.

Minimum Qualifications:

A Minimum eight (8) years of progressive experience in cybersecurity
A minimum of five (5) years performing penetration testing or red team engagements.
A minimum of five (5) years conducting network penetration testing, web application and API testing, internal and external vulnerability assessments and threat modeling and attack path analysis
A minimum of five (5) years developing and delivering formal penetration test reports, including executive summaries and technical remediation guidance.
A minimum of five (5) years supporting incident response investigations and validation testing.
A minimum of five (5) years with common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Nessus, etc.).
Strong knowledge of Secure coding practices, Application security testing (SAST/DAST concepts), Network architecture and segmentation and Identity and access management concepts
A minimum of five (5) years of demonstrated scripting or development ability in at least one language (e.g., Python, C/C++, PowerShell, Bash).
A minimum of five (5) years of working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK and OWASP Top 10 A minimum of five (5) years of experience mapping findings to security control frameworks.
At least one recognized offensive security certification (e.g., OSCP, GPEN, GXPN, CEH, or major experience can substitute for certification).
Demonstrated ability to communicate technical findings to executive and non-technical audiences, and provide actionable remediation recommendations. Demonstrated experience working in government or highly regulated environments.

Preferred Qualifications:

A Minimum ten (10) years of progressive experience in cybersecurity
A minimum of eight (8) years of experience in Advanced Offensive Security:
- Experience leading red team engagements.
- Experience performing adversary emulation exercises.
- Experience conducting phishing and social engineering simulations.
- Experience performing purple team exercises.
A minimum of five (5) years of experience in Zero Trust & Architecture:
- Experience designing or assessing Zero Trust implementations.
- Experience evaluating micro-segmentation strategies and identity-centric controls.
A minimum of five (5) years of experience in Cloud & Modern Infrastructure:
- Experience performing security assessments in AWS or Azure environments, Containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments
- Experience testing CI/CD pipelines.
A minimum of ten (10) years of experience in Software Development Depth:
- Strong low-level development knowledge (kernel, assembly, embedded systems) that supports advanced exploit analysis.
- Experience reviewing source code in JAVA or other compiled languages for vulnerabilities.
A minimum of ten (10) years of experience in Government in the following:
- Experience supporting federal or state government security programs. Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments.

Compensation: $85,000.00 - $130,000.00 per year

Matrix Systems and Technologies Inc., is a leading information technology solutions provider based in the Washington, DC metro area.

We have provided services in full life-cycle engineering analysis, strategic planning, testing and process management for clients across the North-eastern corridor since 1996. Our client base includes; The State of Maryland, Maryland State Department of Education, Prince George’s County Maryland, IRS, Northrop Grumman, Computer Sciences Corporation, SAIC, Lockheed Martin, American University, and the Department of Health and Human Services.

(if you already have a resume on Indeed)

Or apply here.

* required fields

First Name*

Last Name*

Email*

Phone*

Yes, Text Me!

I consent to receiving text messages about this hiring process and, if hired, future job related information from MATRIX SYSTEMS & TECHNOLOGIES INC.

Message and data rates may apply. Message frequency varies. Reply STOP to opt out. Reply HELP for help. See our User Terms of Service and Privacy Policy for details.

Get faster updates with texting!

Message and data rates may apply. Message frequency varies. Reply STOP to opt out. Reply HELP for help. See our User Terms of Service and Privacy Policy for details.