Break the System to Build a Stronger One
Join BAE Systems, a global leader in defense and aerospace, where your skills in offensive security protect the worlds most critical infrastructure. We are looking for a Lead Penetration Tester to join a high-performing, agile team dedicated to identifying, containing, and eradicating the most sophisticated cyber threats. If you have a passion for uncovering vulnerabilities and a drive to secure Enterprise-wide systems, we want you.

Your Mission
You wont just run scans; you will lead the charge in securing a complex technical ecosystem. Your impact will include:

• Advanced Offense: Design and execute comprehensive internal and external penetration tests, including web applications, physical security, and social engineering.
• Strategic Defense: Translate vulnerabilities into actionable mitigation strategies and provide critical incident response support.
• Collaborative Leadership: Partner with developers and system engineers to harden architectures and embed a "security-first" mindset across the program.
• SME Authority: Define and enforce the security policies and standards that safeguard sensitive data against evolving attack vectors.

Ready to make a real-world impact? Apply today and help us secure the future.

LI-PB2

• Must possess a TS/SCI clearance appropriate polygraph
• Must have experience with penetration testing tools.
• Must have experience in web development and programming languages such as Java, XML, Perl and HTML.

• Must have experience with programming/scripting in Python, Powershell, C, JavaScript, etc.
• Must have extensive experience performing IT security risk assessments.
• Must have experience performing web app and physical pentests.
• Must have experience with or strong familiarity of the following Web Application tools; Burp Suite, Web Inspect, Appdetective.
• Must have experience with or strong familiarity of Kali.
• Must have experience with or strong familiarity of IPS/IDS solutions.

• Must have a strong understanding of the Cyber Kill Chain methodology.
• Must have experience applying Risk Management Framework.
• Must have experience with secure configurations of commonly used desktop and server operating systems.
• Must have the ability to effectively collaborate with technical staff and customers to form mitigation strategies and plan for continuous modernization and legacy integration.
• Must have experience managing multiple projects simultaneously and quickly and effectively adjusting to shifting priorities in resolving issues.

Preferred Qualifications

• Bachelor's degree in a technical/information assurance field and at least 12 years of relevant experience.

• Certifications in one or more of the following areas strongly preferred:
  • GIAC Web Applications Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • Certified Web Application Defender (GWEB)
  • Certified Information System Security Professional (CISSP)
• Extensive experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
• Extensive experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass development, design, and implementation.​