Job Description

Position Summary

Dhaka Technologies Limited is seeking an experienced Penetration Tester to support a cybersecurity assessment and program implementation effort for a District government oversight organization. This role will perform quarterly external penetration testing of public-facing systems, support vulnerability identification across applications/systems/networks, and produce executive-ready technical reports aligned to NIST 800-53 (Moderate) .

This is a hands-on, mission-critical role operating in a sensitive environment where confidentiality, discipline, and non-disruptive testing are mandatory.

Location & Work Mode

• Washington, DC (Onsite required)
  

• Some planning/reporting tasks may be remote, but testing activities are onsite .
  

Key Responsibilities

Penetration Testing & Validation

• Conduct quarterly external penetration tests of public-facing web applications and security boundary.
  

• Perform ethical exploitation to validate vulnerabilities and demonstrate potential impact (without service disruption).
  

• Support selection of systems for deeper penetration testing based on scanning results and client coordination.
  

• Validate exploitation paths and privilege escalation potential (as authorized) to assess lateral movement risk.
  

Vulnerability Assessment & Discovery

• Execute network mapping , discovery, and vulnerability scanning across defined scope.
  

• Conduct web application security assessments aligned to OWASP Top 10 (e.g., XSS, SQLi, auth/session issues, misconfigurations).
  

• Support database security assessment activities (configuration baseline checks, patch validation, limited user rights review, default credential checks—when authorized).
  

Reporting & Documentation

• Produce high-quality reports with:
  

  • Executive summary
    

  • Methodology
    

  • Vulnerability matrix (severity-ranked)
    

  • Verification evidence
    

  • Remediation recommendations and prioritized roadmap
    

  • Tooling used, logs/screenshots as needed
    

• Deliver quarterly testing reports and support any retesting/validation requested by the client.
  

Collaboration & Program Support

• Coordinate closely with the Project Manager, GRC team, and Security Architect to ensure findings map to NIST 800-53 control objectives .
  

• Participate in weekly status meetings and maintain clear communication on progress, risks, and constraints.
  

Mandatory Rules of Engagement (Non-Negotiable)

• No Denial-of-Service testing and no actions that disrupt operations.
  

• Do not delete or alter live data.
  

• Follow strict security handling rules for sensitive information; use only approved methods for communication and data transfer.
  

• Report any suspected security incidents or impacts immediately per client procedures.
  

• Must be able to sign a Non-Disclosure Agreement (NDA) and comply with all client security policies.
  

Required Qualifications

• Demonstrated experience performing penetration testing and vulnerability assessments, ideally in government or regulated environments .
  

• Strong web application testing experience (manual + automated) and familiarity with OWASP methodologies.
  

• Working knowledge of network protocols, network design, and common enterprise security controls.
  

• Ability to write clear, structured, professional security reports for both technical and executive audiences.
  

• Strong judgment and professionalism in sensitive environments (confidential data, oversight context).
  

Preferred Certifications (One or More)

• OSCP , GWAPT , CEH , CREST , GIAC (e.g., GSNA/GWEB), CPT/CEPT
  

  (Equivalent certifications and demonstrable experience will be considered.)
  

Tools & Technical Skills (Preferred)

• Experience with common testing tool sets (e.g., Burp Suite, Nmap, vulnerability scanners, web testing frameworks)
  

• Familiarity with enterprise environments, firewalls/IPS, endpoint security controls, and secure configuration baselines
  

• Comfort operating within defined ROE and change-controlled environments
  

Employment Type

• Contract / Full-time (based on project needs)
  

• Start date and duration: aligned to project schedule through September 30, 2026 , with possible option-year sustainment.
  

How to Apply

Please submit the document and email to [email protected] with a Subject line Penetration Tester DC. 

• Resume
  

• Relevant certifications (if available)
  

• Short summary of 2–3 recent penetration testing engagements (scope, environment, your role, outcomes)
  

• 3 References 

Job Tags

Similar Jobs