External Penetration Testing Specialist Needed (Potential for Long Term Project)

CyberVault Solutions is preparing for an upcoming client penetration testing engagement and is seeking an experienced penetration tester to lead the external network assessment portion of the project. While the broader engagement may include internal network, web application, and API testing, the immediate focus will be on conducting a thorough assessment of the client’s external-facing environment. What we are looking for: Comprehensive vulnerability discovery and validation Accurate identification of legitimate findings and reduction of false positives Controlled exploitation techniques to safely demonstrate impact without disrupting production services Clear risk prioritization aligned to NIST and CMMC-related security considerations Professional reporting with actionable remediation guidance Retesting and validation support after remediation activities are completed The selected resource should be comfortable working with common penetration testing and security assessment tools such as: Nmap Nessus Burp Suite Metasploit Custom scripts/tooling You are expected to provide and operate your own testing tools and licenses necessary to perform the engagement. Expected Deliverables: Testing methodology and assessment approach aligned to the Rules of Engagement (ROE) Raw and parsed scan output Proof-of-concept evidence for validated findings (screenshots, logs, or session captures) Executive summary and detailed technical findings report with risk ratings and remediation guidance Mapping of findings to relevant NIST and/or CMMC security considerations where applicable Remediation validation and retest results Additional Information: Final scope, timelines, and asset counts will be confirmed once the client finalizes authorization and scoping documentation. Target kickoff is within the next two weeks. Strong communication and documentation skills are required. Ability to collaborate in real-time via Microsoft Teams or Slack is preferred. Prior enterprise or consulting experience is highly preferred. When responding, please include: Relevant penetration testing experience Certifications (OSCP, PNPT, CEH, CISSP, etc.) Sample sanitized reports (if available) Availability and estimated hourly rate Brief overview of your testing methodology Additional Requirements: * All work performed must remain confidential and may require execution of an NDA prior to engagement. * Tester must maintain detailed notes and evidence throughout the assessment. * Preference will be given to candidates with prior experience supporting regulated or compliance-driven environments. * Ability to distinguish between automated scan findings and manually validated vulnerabilities is critical. * Clear communication during testing windows is required, especially for any high-risk or potentially impactful findings. Preferred Experience: * CMMC / NIST 800-171 environments * Microsoft Azure / Entra ID environments * Defender / Sentinel familiarity * API security testing * Active Directory enumeration and privilege escalation * Report writing for executive and technical audiences Important: This is not a simple vulnerability scan engagement. We are looking for an experienced tester capable of performing thoughtful validation, controlled exploitation, and high-quality reporting suitable for professional client delivery.

Project ID: 40435527