Systems Security Specialist
Job ID: LG936422514
Job Category: Information Technology
Job Location: Baltimore, MD
Pay Range: $120000.00 - $145000.00/YEAR
Job Type: Permanent
Systems Security Specialist
Abel is hiring a Systems Security Specialist for a hybrid opportunity in Baltimore, MD. This role is ideal for an experienced cybersecurity professional with deep hands-on penetration testing, red team, vulnerability assessment, and offensive security experience.
This is a senior-level position supporting a highly regulated environment. Candidates must be able to work hybrid onsite in Baltimore 2 days per week and must meet the minimum qualifications listed below.
Location
Baltimore, MD — Hybrid
Onsite required 2 days per week
Onsite required 2 days per week
Compensation
$123,000 – $145,000 annually, plus benefits
About the Role
The Systems Security Specialist will conduct internal and external penetration testing across networks, web applications, APIs, cloud environments, and enterprise systems. This role requires strong technical offensive security experience, formal reporting capabilities, and the ability to communicate risk clearly to both technical and executive stakeholders.
The selected candidate will support security testing, red team activities, incident response validation, secure configuration reviews, threat modeling, and compliance mapping aligned to frameworks such as NIST, OWASP, CIS, and MITRE ATT&CK.
Key Responsibilities
- Conduct internal and external penetration testing of networks, web applications, APIs, and cloud environments.
- Perform red team engagements using real-world adversary tactics, techniques, and procedures aligned with MITRE ATT&CK.
- Execute vulnerability assessments and validate remediation through retesting and technical verification.
- Develop comprehensive penetration testing reports with executive summaries, risk ratings, proof-of-concept evidence, and remediation guidance.
- Perform threat modeling and attack surface analysis to identify high-risk exposure areas and privilege escalation pathways.
- Conduct secure configuration reviews of operating systems, network infrastructure, cloud platforms, and identity systems.
- Evaluate application security using dynamic and manual testing techniques.
- Test authentication, session management, input validation, and access control controls.
- Review source code for security weaknesses in languages such as C/C++, Python, Java, or similar.
- Develop custom scripts or tools to automate testing activities and enhance offensive security capabilities.
- Support incident response activities by recreating attack chains, validating compromise scenarios, and identifying root causes.
- Assess Zero Trust implementations, micro-segmentation strategies, and identity-based security controls.
- Conduct phishing simulations and social engineering exercises.
- Provide technical briefings to executive leadership and technical stakeholders.
- Collaborate with engineering, DevOps, and infrastructure teams to remediate vulnerabilities.
- Support compliance efforts by mapping findings to NIST, OWASP, CIS, or other applicable security frameworks.
Required Qualifications
Applicants must meet the following minimum requirements to be considered:
- Minimum of 8 years of progressive cybersecurity experience.
- Minimum of 5 years performing penetration testing or red team engagements.
- Minimum of 5 years conducting network penetration testing, web application testing, API testing, internal/external vulnerability assessments, threat modeling, and attack path analysis.
- Minimum of 5 years developing and delivering formal penetration test reports, including executive summaries and technical remediation guidance.
- Minimum of 5 years supporting incident response investigations and validation testing.
- Minimum of 5 years using common penetration testing tools, such as Metasploit, Burp Suite, Nmap, Wireshark, Nessus, or similar.
- Strong knowledge of:
- Secure coding practices
- Application security testing
- SAST/DAST concepts
- Network architecture and segmentation
- Identity and access management concepts
- Minimum of 5 years of scripting or development experience in at least one language such as Python, C/C++, PowerShell, or Bash.
- Minimum of 5 years working with NIST Cybersecurity Framework, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK, and OWASP Top 10.
- Minimum of 5 years mapping security findings to control frameworks.
- At least one recognized offensive security certification such as OSCP, GPEN, GXPN, CEH, or equivalent major experience.
- Demonstrated ability to communicate technical findings to executive and non-technical audiences.
- Demonstrated experience working in government or highly regulated environments.
- Must be flexible to work overtime, onsite/offsite, weekends, holidays, and off-hours as needed.
Preferred Qualifications
- 10+ years of progressive cybersecurity experience.
- 8+ years of advanced offensive security experience.
- Experience leading red team engagements.
- Experience performing adversary emulation exercises.
- Experience conducting phishing and social engineering simulations.
- Experience performing purple team exercises.
- 5+ years of Zero Trust and security architecture experience.
- Experience assessing Zero Trust implementations, micro-segmentation, and identity-centric controls.
- 5+ years of cloud and modern infrastructure security assessment experience.
- Experience testing AWS, Azure, Docker, Kubernetes, Infrastructure-as-Code, and CI/CD pipelines.
- Strong low-level development knowledge, including kernel, assembly, embedded systems, or advanced exploit analysis.
- Experience reviewing source code in Java or other compiled languages.
- Experience supporting federal or state government security programs.
- Familiarity with FedRAMP, FISMA, or IRS Pub 1075 environments.
Application Note
Please apply only if you meet the required minimum qualifications. Candidates who do not meet the minimum years of experience, penetration testing background, scripting experience, and security framework experience may not be considered.