TCG is an award-winning, government IT solutions provider. We are seeking a Security Penetration Tester with a Burp Suite focus to join our project team at a major Federal agency.

US Citizenship and the ability to pass a Federal government clearance check are required.

As a Security Penetration Tester, you will be responsible for implementing a comprehensive testing framework that combines internal and external testing vulnerability sources, security tools, and vendor capabilities. You provide penetration testing for applications and systems within the ATO boundary and advise Software Developers, Project Managers, and other team members on the optimal methods to meet security requirements while minimizing impact and delays in meeting mission requirements.


  • Conduct penetration testing of web applications using Burp Suite
  • Review new systems and features
  • Utilize OSS for static code testing, as well as testing native apps, and other systems
  • Assist with third-party software and provider due diligence
  • Provide stakeholders with concise, well-written penetration reports
  • Conduct team exercises to evaluate and improve processes and technologies, including application design, threat detection, incident response, patching, vulnerability remediation, secure development training, and user training
  • Contribute to security strategy, policies, and standards
  • Ensure security policies and standards are understood and implemented in the organization
  • Develop, mature, and run a security education program for technical staff
  • Coach and collaborate with engineers to build security and privacy by design


  • At least 3 years of related work experience
  • At least 1 year of penetration security testing experience
  • At least 2 years of experience using Burp Professional
  • Experience working with scripting and development languages. Examples include Python, JavaScript, Java, and .Net
  • In-depth knowledge of information technology, evolving threats, attack patterns, incident response, and cybersecurity standards
  • Adept at collaborating with software engineers to build security and privacy during design and development
  • Experience using proven secure development frameworks and industry and best practices. Examples include OWASP Top 10, SANS Top 25, and SDL
  • Versed in FISMA, FedRAMP, NIST 800–53v4, NIST SP 800–145; Cloud Model and Technology Expertise
  • Strong communications and interpersonal skills


  • Linux/Windows administration certifications, Splunk Power User, Offensive Certified Security Professional (OCSP)
  • Programming/development experience with Python or comparable language
  • Systems automation
  • Experience with Kali Linux, and the suite of tools within it


  • Bachelor’s degree in Information Technology, Computer Information Systems, Business, or a related discipline is preferred but not required. Four years of experience is acceptable in lieu of a degree.

Naturally, TCG does not discriminate on the basis of race, sex, color, religion, national origin, age, disability, veteran status, or anything else that makes you part of any group. We discriminate on the basis of talent, ability, commitment, and experience.

We pay competitive wages and provide excellent benefits. We have a 401K plan, a health plan that includes dental and vision benefits, pet health insurance, support for sick-child daycare, book and fitness clubs, a generous training budget for each employee, employee-led (and TCG paid) social events, company charity events, free theater, and sports tickets, and much more.

In fact, in 2020 Fortune magazine named TCG on their best workplace lists for the fifth year in a row and The Washington Post named TCG as a “Top Workplace” for the sixth straight year, based on how our employees feel about the company, the benefits TCG offers, and the work/life balance that our staff are able to achieve.

Try us… we’ll make you happy.