Role Overview
The Cybersecurity Level 3 Engineer is a senior technical security role responsible for executing and leading penetration testing, vulnerability management, and advanced security assessments across enterprise or client environments. This position requires deep technical expertise, the ability to validate real-world exploitability, and strong collaboration with engineering and leadership teams to reduce organizational risk.
Key Responsibilities
- Perform internal, external, web application, and network penetration tests using industry-standard methodologies
- Validate vulnerability scanner findings through manual testing and exploitation techniques
- Conduct attack simulations and adversary emulation aligned to real-world threat scenarios
- Lead vulnerability management lifecycle activities including prioritization, remediation validation, and risk acceptance
- Identify false positives and confirm true security weaknesses through hands-on analysis
- Develop and maintain penetration testing methodologies, playbooks, and reporting standards
- Produce detailed penetration testing and vulnerability reports with risk ratings and remediation guidance
- Collaborate with SOC, infrastructure, cloud, and application teams to remediate identified risks
- Support red team and purple team exercises and threat modeling activities
- Assist with security architecture reviews and secure design recommendations
- Mentor Level 1 and Level 2 security engineers
- Support compliance-driven testing requirements (SOC 2, ISO 27001, PCI DSS, NIST, CMMC)
Required Qualifications
- 4+ years of experience in cybersecurity with a strong focus on penetration testing and vulnerability management
- Hands-on experience with manual penetration testing techniques
- Strong knowledge of common vulnerabilities (OWASP Top 10, CWE, CVE)
- Experience with vulnerability scanning tools (Nessus, Qualys, Rapid7, OpenVAS)
- Proficiency with penetration testing tools (Burp Suite, Metasploit, Nmap, BloodHound, SQLmap)
- Strong understanding of Windows, Linux, Active Directory, networking, and authentication mechanisms
- Experience validating exploitability and business impact of vulnerabilities
- Familiarity with the MITRE ATT&CK framework
- Strong written communication and reporting skills
Preferred Qualifications
- Experience conducting cloud penetration testing (Azure, AWS, Microsoft 365)
- Experience with identity and privilege escalation attacks (Active Directory, Kerberos, MFA bypass concepts)
- Exposure to red team or purple team operations
- Scripting or automation experience (Python, PowerShell, Bash)
- Experience in an MSP or consulting environment
- Relevant certifications: OSCP, OSCE, GPEN, GWAPT, CEH, CRTO, PNPT
What Success Looks Like
- Vulnerabilities are accurately validated and prioritized based on real risk
- Penetration testing results are actionable, clear, and respected by engineering teams
- False positives are reduced and scanner results are meaningfully improved
- Security posture improves measurably over time
- Junior engineers are coached and elevated technically
- Leadership receives clear, risk-based insights