Mid-level Risk and Vulnerability Assessment (RVA) Tester

Job Locations US-MD-Baltimore
Job ID
# of Openings
IT Security
Public Trust
Work Authorization
US Citizens, preferred


VariQ has an exciting opportunity for a highly qualified Mid-level Risk and Vulnerability Assessment (RVA) Tester to support the CMS project in Maryland.


Additional Information:

  • LocationBaltimore, MD with 35% travel component
  • Salary: Dependent upon experience
  • Security Clearance: Must be able to obtain “Public Trust” level 6 clearance. (SF-85 and SF-86 submission required)
  • Available: ASAP


  • Perform RVA penetration activities utilizing various automated tools
  • Perform Network and Application penetration tests on a wide range of technologies using automated and manual testing techniques
  • Exploit security flaws and vulnerabilities with regard to a predefined scope of work and ROE
  • Interface with client(s) to plan and coordinate system assessments in a professional manner
  • Prepare and Deliver well documented reports identifying weaknesses with mitigation strategies




  • 5+ years of Security, Software Development or Networking Experience
  • 2+ years of Manual Penetration Testing Experience exploiting various well known vulnerabilities (SQLi, XSS, CSRF, etc.)
  • 1+ years working with automated vulnerability scanning tools (e.g., Nessus, Web Inspect, etc.)
  • Demonstrated technical experience using Linux and Windows operating systems
  • Demonstrated experience using the following security tools Burpsuite, Kali Linux, NMap
  • Some network penetration testing experience (using the majority of the following: wireshark, metasploit, hydra, john, sqlmap
  • Excellent technical writing skills and attention to detail
  • Ability to work in a fast paced environment
  • Exceptional customer facing communication skills
  • This work will require up to 35% of travel in the US Continental.



  • Ability to understand and demonstrate new concepts and technologies quickly
  • Database Experience (Oracle, MSSQL, MySQL, MongoDB)
  • Application Fuzzing and Web Services testing experience (WSFuzzer, SPIKE, Sulley, SoapUI, BurpSuite)
  • Software Development and/or Scripting Experience in C++, Java, C#, perl, python or bash
  • Source Code Review (aka Static Analysis) Experience
  • Certifications (GPEN, GWAPT, OSCP, CEH, CISSP)
  • Knowledge of NIST 800 series and/or FISMA


Clearance: US Citizen - Must be able to obtain “Public Trust” level 6 clearance. (SF-85 and SF-86 submission required).




VariQ is an equal opportunity employer.



Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed