Company Overview:
TestPros is a successful and growing business, established in 1988 to provide Information Technology (IT) technical support services to a wide range of Commercial and U.S. Federal, State, and Local Government customers. Our capabilities include Program Management, Program Oversight, Process Audit, Intelligence Analysis, Cyber Security, NIST 800-53, NIST SP 800-171 / CMMC Consulting/Assessment/Compliance, PCI Compliance, SOC 2, GLBA, Zero Trust, Resiliency, Computer Forensics, Software Supply Chain Assurance, Software Testing, Test Automation, Section 508 and WCAG Accessibility Assessment and Remediation, Localization Testing, Independent Verification and Validation (IV&V), Quality Assurance (QA), Compliance, and Research and Development (R&D) services. TestPros is an Equal Opportunity Employer.
Job Summary:
The ideal candidate will have strong hands-on experience conducting external and internal vulnerability assessments, penetration testing, and compliance-based security evaluations for government or municipal environments. This role requires the ability to perform non-disruptive testing, work within outage windows, and deliver clear, executive-level reporting.
Key Responsibilities
- Performexternal penetration testingand vulnerability scanning across a/24 public IP space.
- Conductinternal penetration testingacross a/21 internal network, including multiple VLANs and network segments.
- Execute anassumed-breach scenario, such as testing from a compromised workstation via VPN.
- Conduct apublic Wi-Fi security assessment, identifying wireless vulnerabilities and attack vectors.
- Evaluate the City's current security posture againstCJIS, CORA, and NIST standards.
- Coordinate testing that may involve systems or IP ranges belonging tosister government agencies.
- Work within designatedplanned outage windowsto perform active testing without disrupting operations.
- Document all findings, including:What was testedWhat was not testedIdentified vulnerabilities and exploitabilitySeverity and risk prioritizationRecommended remediation steps
- What was tested
- What was not tested
- Identified vulnerabilities and exploitability
- Severity and risk prioritization
- Recommended remediation steps
- Prepare acomprehensive final reportand participate in review meetings if requested.
external penetration testing /24 public IP space
internal penetration testing /21 internal network
assumed-breach scenario
public Wi-Fi security assessment
CJIS, CORA, and NIST standards
sister government agencies
planned outage windows
Document all findings, including:
What was tested
What was not tested
Identified vulnerabilities and exploitability
Severity and risk prioritization
Recommended remediation steps
comprehensive final report
Required Qualifications
- OSCP or OSCEcertification (either meets the requirement).
- 5+ years of hands-on penetration testing and vulnerability assessment experience.
- Proven experience performing bothexternalandinternalpenetration tests in complex environments.
- Strong understanding of:Network segmentationVPN-based testingActive DirectoryCloud/SaaS environmentsFirewall and IDS/IPS technologies
- Network segmentation
- VPN-based testing
- Active Directory
- Cloud/SaaS environments
- Firewall and IDS/IPS technologies
- Experience with government, public sector, or municipal IT environments is highly preferred.
- Ability to write clear, professional, and actionable technical reports.
OSCP or OSCE
5+ years of hands-on penetration testing and vulnerability assessment experience.
external internal
Strong understanding of:
Network segmentation
VPN-based testing
Active Directory
Cloud/SaaS environments
Firewall and IDS/IPS technologies
Experience with government, public sector, or municipal IT environments is highly preferred.
Ability to write clear, professional, and actionable technical reports.
Preferred Skills
- Experience with SCADA-adjacent environments (testing is not performed on SCADA, but awareness is valuable).
- Familiarity with CJIS security policy requirements.
- Experience coordinating with multi-agency or cross-organizational IT teams.
- Expertise with common tools such as Kali Linux, Burp Suite, Nmap, Metasploit, Nessus/Tenable, and Wireshark.
Experience with SCADA-adjacent environments (testing is not performed on SCADA, but awareness is valuable).
Familiarity with CJIS security policy requirements.
Experience coordinating with multi-agency or cross-organizational IT teams.
Expertise with common tools such as Kali Linux, Burp Suite, Nmap, Metasploit, Nessus/Tenable, and Wireshark.
Engagement Details
- Estimated Start:February 2026
- Estimated Duration:6–8 weeks
- Work Location:Fully Remote (VPN access provided)
- Clearances:Not required, but government experience is a plus
Estimated Start:
Estimated Duration:
Work Location:
Clearances:
Benefits
TestPros offers a competitive salary, medical/dental/vision insurance, life insurance, paid time off, paid holidays, 401(k) retirement plan with company match, opportunities for professional growth, cell phone discounts, and much more! All benefits are per TestPros current policies and are subject to change without notice. Benefits are available to full-time employees.
TestPros, Inc. is an Equal Opportunity Employer.
EEO Statement
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, marital status, age, national origin, or protected veteran status.