Senior Systems Security Specialist

DMI is a leading provider of digital services and technology solutions, headquartered in Tysons Corner, VA. With a focus on end-to-end managed IT services, including managed mobility, cloud, cybersecurity, network operations, and application development, DMI supports public sector agencies and commercial enterprises around the globe. Recognized as a Top Workplace, DMI is committed to delivering secure, efcient, and cost-effective solutions that drive measurable results. Learn more at www.dminc.com

DMI, LLC is seeking a Senior Systems Security Specialist to perform internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths, and other related tasks.

Duties and Responsibilities:

Conduct internal and external penetration testing of networks, web applications, APIs, and cloud environments to identify security vulnerabilities and exploit paths.
• Perform red team engagements simulating real-world adversary tactics, techniques, and procedures (TTPs) aligned with MITRE ATT&CK.
• Execute vulnerability assessments and validate remediation efforts through retesting and technical verification.
• Develop comprehensive penetration testing reports, including executive summaries, risk ratings, proof-of-concept evidence, and actionable remediation guidance.
• Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways.
• Conduct secure configuration reviews of operating systems, network infrastructure, cloud platforms, and identity systems.
• Evaluate application security through dynamic and manual testing techniques, including authentication, session management, input validation, and access control testing.
• Review source code for security weaknesses and secure coding gaps, particularly in C/C++, Python, Java, or similar languages.
• Develop and maintain custom scripts or tooling to automate testing activities and enhance offensive security capabilities.
• Support incident response activities by recreating attack chains, validating compromise scenarios, and identifying root causes.
• Assess Zero Trust implementations, micro-segmentation strategies, and identity-based security controls for effectiveness.
• Conduct phishing simulations and social engineering exercises to evaluate user awareness and organizational resilience.
• Provide technical briefings to executive leadership and technical stakeholders regarding risk posture and remediation prioritization.
• Collaborate with engineering, DevOps, and infrastructure teams to remediate identified vulnerabilities and strengthen security architecture.
• Contribute to the development of security policies, testing methodologies, and enterprise security standards.
• Support compliance efforts by mapping testing results to NIST, OWASP, CIS, or other applicable security frameworks.
• Participate in continuous improvement of penetration testing methodologies, tools, and adversary emulation strategies.
• Adhere to all security, change control, and Project Management Office (PMO) policies, processes, and methodologies.
• Note: The candidate must be flexible to work overtime, on-site/off-site, as needed, including weekends, holidays, and off-hours.

Education and Years of Experience:

• A Minimum eight (8) years of progressive experience in cybersecurity
• A minimum of five (5) years performing penetration testing or red team engagements.
• A minimum of five (5) years conducting network penetration testing, web application and API testing, internal and external vulnerability assessments and threat modeling and attack path analysis
• A minimum of five (5) years developing and delivering formal penetration test reports, including executive summaries and technical remediation guidance.
• A minimum of five (5) years supporting incident response investigations and validation testing.
• A minimum of five (5) years with common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Wireshark, Nessus, etc.).
• Strong knowledge of Secure coding practices, Application security testing (SAST/DAST concepts), Network architecture and segmentation and Identity and access management concepts
• A minimum of five (5) years of demonstrated scripting or development ability in at least one language (e.g., Python, C/C++, PowerShell, Bash).
• A minimum of five (5) years of working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK and OWASP Top 10
• A minimum of five (5) years of experience mapping findings to security control frameworks.
• At least one recognized offensive security certification (e.g., OSCP, GPEN, GXPN, CEH, or major experience can substitute for certification).
• Demonstrated ability to communicate technical findings to executive and non-technical audiences, and provide actionable remediation recommendations.
• Demonstrated experience working in government or highly regulated environments.

Additional Requirements:

• A minimum of ten (10) years of progressive experience in cybersecurity
• A minimum of eight (8) years of experience in Advanced Offensive Security:
• Experience leading red team engagements.
• Experience performing adversary emulation exercises.
• Experience conducting phishing and social engineering simulations.
• Experience performing purple team exercises.
• A minimum of five (5) years of experience in Zero Trust & Architecture:
• Experience designing or assessing Zero Trust implementations.
• Experience evaluating micro-segmentation strategies and identity-centric controls.
• A minimum of five (5) years of experience in Cloud & Modern Infrastructure:
• Experience performing security assessments in AWS or Azure environments, Containerized environments (Docker/Kubernetes) and Infrastructure-as-Code deployments
• Experience testing CI/CD pipelines.
• A minimum of ten (10) years of experience in Software Development Depth:
• Strong low-level development knowledge (kernel, assembly, embedded systems) that supports advanced exploit analysis.
• Experience reviewing source code in JAVA or other compiled languages for vulnerabilities.
• A minimum of ten (10) years of experience in Government in the following:
• Experience supporting federal or state government security programs.
• Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments.

Background Requirements: Must be able to complete a required fingerprint background investigation.

Citizenship Status Required: H 1B

Physical Requirements: None required for this position.

Location: Baltimore, MD (hybrid)

DMI is a diverse, prosperous, and rewarding place to work. Our culture is shaped by five core values that guide how we work, grow, and succeed together:

• Do What's Right - We lead with honesty and integrity.
• Own the Outcome - We take responsibility and deliver.
• Deliver for Our Customers - We are relentless about delivering value.
• Think Bold, Act Smart - We innovate with purpose.
• Win Together - We collaborate and celebrate our success.

These values aren't just ideals-they show up in how we support every part of your well-being:

• Convenience/Concierge - Virtual health visits, commuter perks, pet insurance, and entertainment discounts that make life easier.
• Development - Annual performance reviews, tuition assistance, and internal career growth opportunities to help you thrive.
• Financial - Generous 401(k) matches, life and disability insurance, and financial wellness tools to support your future.
• Recognition - Annual awards, service anniversaries, referral bonuses, and peer-to-peer shoutouts that spotlight your achievements.
• Wellness - Healthcare coverage, wellness programs, flu shots, and biometric screenings to support your health.

DMI values employees for their talents and contributions, and we take pride in helping our customers achieve their goals. Because when we live our values, we all win together.

***************** No Agencies Please *****************

Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. US citizenship may be required for some positions.