Cybersecurity Testing and Evaluation Specialist - Entry to Mid Level (Maryland) Job in Fort Meade, MD

Vacancy No. 1252204 Department National Security Agency/Central Security Service
Salary $86,498.00 to $151,570.00 Grade 7 to 12
Perm/Temp Permanent FT/PT Full-time
Open Date 12/12/2025 Close Date 12/14/2025
Job Link Apply Online Who may apply Status Candidates
Locations:
Fort Meade, MD


Summary

As a Cybersecurity Testing Specialist, you will apply your cybersecurity expertise to perform formal assessments mimicking real-world attacks to identify methods for circumventing security features of applications, systems, and networks. This fact-based testing, leveraging cutting-edge methodologies, will give you the unique opportunity to identify flaws and vulnerabilities in system design and influence remediations.

This job is open to

Federal employees - Excepted service

Current federal employees whose agencies have their own hiring rules, pay scales and evaluation criteria.

Duties

Cybersecurity testers at NSA play a vital role in the security of NSA's mission by conducting both security controls and adversarial testing against our state-of-the-art Information Technology (IT) systems executing NSA's SIGINT and Cybersecurity missions. NSA is advancing technology to deliver mission outcomes. As such, Cybersecurity testers have the opportunity to work across a broad set of technologies including commercial cloud fabrics, artificial intelligence, high performance computing, and advanced cryptographic systems. These personnel are involved in both developmental and operational testing so NSA systems can be protected from the most sophisticated nation state adversaries. Some examples of tasks include:

- Conducting security controls testing of NSA systems to ensure controls are properly implemented by system owner(s)
- Conducting testing against cloud fabrics, including various security configuration options of cloud services and a wide variety of different security configurations
- Assessing the effectiveness of security solutions against cybersecurity frameworks (e.g. MITRE Attack Framework)
- Operating within teams focused on implementing and evolving cybersecurity testing procedures and implementing automation to reduce testing time and improve consistent analysis
- Operating within a cybersecurity team for each of the life cycle steps of the Federal Government's Risk Management Framework (RMF), as maintained by the National Institute of Standards and Technology (NIST 800-53)
- Implementing automation across the cybersecurity testing processes

Depending on their education, training, and experience, Cybersecurity testers are hired into positions as a Testing and Evaluation Specialist and placed into functional positions performing cybersecurity testing functions commensurate with their skills. Entry-level cybersecurity professionals will take on the front-line control testing of our systems while beginning to learn the intricacies of secure system design. The most experienced testing personnel will have opportunities to formulate unconstrained cybersecurity testing to emulate cybersecurity adversary and rogue system administrator threats.

Please attach a copy of your transcripts from all schools attended when applying for this position. Providing a copy of your transcripts is especially critical since the minimum qualifications for this position require a degree that demonstrates a concentration of Computer Science (CS) courses in foundational CS areas.

Requirements

Conditions of employment

  • All applicants and employees are subject to random drug testing in accordance with Executive Order 12564.

Qualifications

ENTRY/DEVELOPMENTAL
Entry is with a Bachelor's degree and no experience. An Associate's degree plus 2 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.

FULL PERFORMANCE Entry is with a Bachelor's degree plus 3 years of relevant experience or a Master's degree plus 1 year of relevant experience or a Doctoral degree and no experience. An Associate's degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.

Education

The qualifications listed are the minimum acceptable to be considered for the position.

Degree must be in Computer Science (CS) or related field (e.g., Engineering, Mathematics). Degrees in Information Technology, Information Systems, Information Security, Networking (Systems Administration), Information Assurance, and Cybersecurity may be considered relevant if the programs contain, at minimum, a concentration of courses in the following foundational CS areas: algorithms; computer architecture (not network architecture); programming methodologies and languages; data structures; logic and computation; and upper-level mathematics.

Relevant experience must be in engineering of computer or information systems over their lifecycle (i.e., requirements analysis, design, development, implementation, testing, integration, deployment/installation, and maintenance), programming, vulnerability analysis, penetration testing, computer forensics, and/or systems engineering. Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course) will be considered towards the relevant experience requirement (i.e., 24-week JCAC course will count as 6 months of experience).

Additional information

Pay: Salary offers are based on candidates' education level and years of experience relevant to the position and also take into account information provided by the hiring manager/organization regarding the work level for the position.

Salary Range: $86,498 - $151,570 (Entry/Developmental, Full Performance) Salary range varies by location, work level, and relevant experience to the position.

On the job training, internal NSA courses, and external training will be made available based on the need and experience of the selectee.

Benefits: NSA offers a comprehensive benefits package.

Work Schedule: This is a full-time position, Monday - Friday, with basic 8hr/day work requirement between 6:00 a.m. and 6:00 p.m. (flexible).

Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.

A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Opens in a new windowLearn more about federal benefits.

Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Desired experience includes:

Cyber planning, cybersecurity operations, mission management, vulnerabilities, troubleshoot, mitigations, network defense, requirements management, cyber security technical knowledge, strategy and process development, project management, program management, technical writing, finished SIGINT report evaluation, partnership and customer relations (i.e. DoD, USCYBERCOM, DISA, JTFHQ DoDIN, DIB partners), joint doctrine and military planning certifications and education, coordination, communication, strong interpersonal skills, problem identification and resolution.

Additional expectations may include your ability to:

- Represent the Agency in interactions with outside customers, DoD, Congressional representatives, foreign partners, or the general public.
- Represent the Agency or its subordinate organizations to customers, suppliers, and stakeholders.
- Review Information Needs (INs) to understand operational, tactical or strategic mission requirements.
- Submit a request for information (RFI) related to target and/or mission requirements.
- Identify intelligence gaps related to target and/or mission requirements.
- Develop a strategic course of action based on target vulnerabilities, anomalous network activity, and/or mission capabilities.
- Develop an operational or tactical course of action based on target vulnerabilities, anomalous network activity, and/or mission capabilities.
- Evaluate methods, tools, and techniques that can be used to secure information/communication systems and the facilities that house them.
- Develop mitigation strategies and countermeasures to address vulnerabilities of networks, products, and services.
- Document analytic findings relevant to computer network defense.
- Maintain situational awareness of current computer network defense conditions using information from external data sources (for example, computer network defense vendor sites, CERTS, SANS, Security Focus).
- Recommend vulnerability mitigation strategies based on evaluation results.
- Maintain operational, technical, and authoritative situational awareness during operations.
- Create work teams with appropriate employees to accomplish work goals.

Required Documents

Skills:
We're looking for someone with knowledge, skills, and experience in one or more of the following:
- Cloud Security Knowledge for commercial cloud environments such as Amazon Web Services, Microsoft Azure, Oracle or Google cloud environments
- Knowledge of or experience with penetration testing or ethical hacking methodologies
- Knowledge of network attacks based on MITRE Attack Framework
- Familiarity with exploitation techniques and frameworks (network firewalls, intrusion detection systems, networks)
- Familiarity with various exploitation frameworks (e.g. Metasploit)
- Understanding of shell scripting for the development of network attack tools and techniques (e.g. Python, Perl, or Ruby)
- Knowledge of vulnerability identification, mitigations, and countermeasures
-Understanding of network protocols
- Knowledge of Windows / Linux network programming
- Knowledge of network architecture, network and IT infrastructure devices, physical and virtual
- Understanding of tools (nmap, nessus, dsniff, libnet, netcat, network sniffers) and techniques (e.g. fuzzing)
- Understanding of threat modeling and development of test scenarios
- Critical thinking and ability to break large complex problems into manageable parts

Experience and knowledge of computer security tools, vulnerability analysis, systems architecture, systems engineering, test and evaluation tradecraft, and software engineering is helpful. Working knowledge of automation tools and Linux is helpful.

The ideal candidate is someone with a desire for experiential learning and strong problem-solving, analytic and interpersonal skills who is:
- willing to take the initiative
- innovative
- able to work effectively across several different functional areas in a collaborative environment
- able to communicate effectively (both orally and written)
- well-organized and able to handle multiple assignments.

If you are relying on your education to meet qualification requirements:

Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.

Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.


Note: We cannot accept applications on behalf of Federal Agencies. Application instructions are listed within the Job Description.


© 2006-2025, exclusive of U. S. government job opportunity announcements