Senior Systems Security Specialist
Indexed description
About The Opportunity
DMI, LLC is seeking a Senior Systems Security Specialist to p erform internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths, and other related tasks.
Duties And Responsibilities
- Conduct internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths.
- Perform red team engagements simulating real-world adversary tactics, techniques, and procedures (TTPs) aligned with MITRE ATT&CK.
- Execute vulnerability assessments and validate remediation efforts through retesting and technical verification.
- Develop comprehensive penetration testing reports, including executive summaries, risk ratings, proof-of-concept evidence, and actionable remediation guidance.
- Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways.
- Conduct secure configuration reviews of operating systems, network infrastructure, cloud platforms, and identity systems.
- Evaluate application security through dynamic and manual testing techniques, including authentication, session management, input validation, and access control testing.
- Review source code for security weaknesses and secure coding gaps, particularly in C/C++, Python, Java, or similar languages.
- Develop and maintain custom scripts or tooling to automate testing activities and enhance offensive security capabilities.
- Support incident response activities by recreating attack chains, validating compromise scenarios, and identifying root causes.
- Assess Zero Trust implementations, micro-segmentation strategies, and identity-based security controls for effectiveness.
- Conduct phishing simulations and social engineering exercises to evaluate user awareness and organizational resilience.
- Provide technical briefings to executive leadership and technical stakeholders regarding risk posture and remediation prioritization.
- Collaborate with engineering, DevOps, and infrastructure teams to remediate identified vulnerabilities and strengthen security architecture.
- Contribute to the development of security policies, testing methodologies, and enterprise security standards.
- Support compliance efforts by mapping testing results to NIST, OWASP, CIS, or other applicable security frameworks.
- Participate in continuous improvement of penetration testing methodologies, tools, and adversary emulation strategies.
- Adhere to all security, change control, and Project Management Office (PMO) policies, processes, and methodologies.
- Note: The candidate must be flexible to work overtime, on-site/off-site , as needed, including weekends, holidays, and off-hours.
- A Minimum eight (8) years of progressive experience in cybersecurity
- A minimum of five (5) years performing penetration testing or red team engagements.
- A minimum of five (5) years conducting network penetration testing, web application and API testing, internal and external vulnerability assessments and threat modeling and attack path analysis
- A minimum of five (5) years developing and delivering formal penetration test reports, including executive summaries and technical remediation guidance.
- A minimum of five (5) years supporting incident response investigations and validation testing.
- A minimum of five (5) years with common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Nessus, etc.).
- Strong knowledge of Secure coding practices, Application security testing (SAST/DAST concepts), Network architecture and segmentation and Identity and access management concepts
- A minimum of five (5) years of demonstrated scripting or development ability in at least one language (e.g., Python, C/C++, PowerShell, Bash).
- A minimum of five (5) years of working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK and OWASP Top 10
- A minimum of five (5) years of experience mapping findings to security control frameworks.
- At least one recognized offensive security certification (e.g., OSCP, GPEN, GXPN, CEH, or major experience can substitute for certification).
- Demonstrated ability to communicate technical findings to executive and non-technical audiences, and provide actionable remediation recommendations.
- Demonstrated experience working in government or highly regulated environments.
- A minimum of ten (10) years of progressive experience in cybersecurity
- A minimum of eight (8) years of experience in Advanced Offensive Security:
- Experience leading red team engagements.
- Experience performing adversary emulation exercises.
- Experience conducting phishing and social engineering simulations.
- Experience performing purple team exercises.
- A minimum of five (5) years of experience in Zero Trust & Architecture:
- Experience designing or assessing Zero Trust implementations.
- Experience evaluating micro-segmentation strategies and identity-centric controls.
- A minimum of five (5) years of experience in Cloud & Modern Infrastructure:
- Experience performing security assessments in AWS or Azure environments, Containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments
- Experience testing CI/CD pipelines.
- A minimum of ten (10) years of experience in Software Development Depth:
- Strong low-level development knowledge (kernel, assembly, embedded systems) that supports advanced exploit analysis.
- Experience reviewing source code in JAVA or other compiled languages for vulnerabilities.
- A minimum of ten (10) years of experience in Government in the following:
- Experience supporting federal or state government security programs.
- Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments.
Citizenship Status Required: H 1B
Physical Requirements: None required for this position.
Location: Baltimore, MD (hybrid)
Working at DMI
DMI Is a Diverse, Prosperous, And Rewarding Place To Work. Our Culture Is Shaped By Five Core Values That Guide How We Work, Grow, And Succeed Together
- Do What’s Right – We lead with honesty and integrity.
- Own the Outcome – We take responsibility and deliver.
- Deliver for Our Customers – We are relentless about delivering value.
- Think Bold, Act Smart – We innovate with purpose.
- Win Together – We collaborate and celebrate our success.
- Convenience/Concierge – Virtual health visits, commuter perks, pet insurance, and entertainment discounts that make life easier.
- Development – Annual performance reviews, tuition assistance, and internal career growth opportunities to help you thrive.
- Financial – Generous 401(k) matches, life and disability insurance, and financial wellness tools to support your future.
- Recognition – Annual awards, service anniversaries, referral bonuses, and peer-to-peer shoutouts that spotlight your achievements.
- Wellness – Healthcare coverage, wellness programs, flu shots, and biometric screenings to support your health.
- No Agencies Please *****************
Job ID: 2026-28733
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search