Systems Security Specialist -- Hybrid, Baltimore, MD

Systems Security Specialist — Hybrid, Baltimore, MD

Abel is hiring a Systems Security Specialist for a senior-level cybersecurity role in Baltimore, MD. This is a hybrid position requiring onsite work 2 days per week.

We are seeking a highly experienced offensive security professional with strong penetration testing, red team, vulnerability assessment, threat modeling, scripting, incident response validation, and security framework experience.

Only candidates who meet the required qualifications should apply.

Pay

$123,000 – $145,000 per year, plus benefits

Schedule / Work Location

• Hybrid role based in Baltimore, MD
• Onsite required 2 days per week
• Must be flexible to work overtime, weekends, holidays, and off-hours when needed

Job Summary

The Systems Security Specialist will perform hands-on security testing across enterprise environments, including networks, applications, APIs, cloud platforms, identity systems, and infrastructure. This role includes penetration testing, red team engagements, vulnerability validation, threat modeling, secure configuration reviews, incident response support, and technical reporting.

The ideal candidate has strong offensive security experience, understands regulated environments, and can explain technical risk clearly to executive, business, and technical audiences.

Responsibilities

• Perform internal and external penetration testing.
• Test networks, web applications, APIs, and cloud environments.
• Conduct red team engagements aligned with MITRE ATT&CK.
• Perform vulnerability assessments and remediation validation.
• Create detailed penetration testing reports with executive and technical findings.
• Conduct threat modeling and attack surface analysis.
• Review system, network, cloud, and identity security configurations.
• Test application security controls, including authentication, session management, input validation, and access control.
• Review source code for vulnerabilities and secure coding gaps.
• Build scripts or tools to automate offensive security testing.
• Support incident response investigations by recreating attack chains and validating compromise scenarios.
• Assess Zero Trust, micro-segmentation, and identity-based security controls.
• Conduct phishing simulations and social engineering exercises.
• Brief executive and technical stakeholders on findings and remediation priorities.
• Work with engineering, DevOps, infrastructure, and security teams to resolve vulnerabilities.
• Map findings to NIST, OWASP, CIS, MITRE ATT&CK, or related frameworks

Minimum Requirements

Candidates must have:

• 8+ years of progressive cybersecurity experience
• 5+ years of penetration testing or red team experience
• 5+ years of network penetration testing, web application testing, API testing, internal/external vulnerability assessments, threat modeling, and attack path analysis
• 5+ years creating formal penetration testing reports
• 5+ years supporting incident response investigations and validation testing
• 5+ years using penetration testing tools, including tools such as:
• • Metasploit
  • Burp Suite
  • Nmap
  • Wireshark
  • Nessus
• Strong knowledge of:
• • Secure coding
  • Application security testing
  • SAST/DAST concepts
  • Network architecture and segmentation
  • Identity and access management
• 5+ years of scripting or development experience in Python, C/C++, PowerShell, Bash, or similar
• 5+ years working with NIST CSF, NIST 800-53 or similar federal control frameworks, MITRE ATT&CK, and OWASP Top 10
• 5+ years mapping technical findings to security control frameworks
• Offensive security certification such as OSCP, GPEN, GXPN, CEH, or equivalent major experience
• Experience communicating security findings to executive and non-technical audiences
• Experience working in government or highly regulated environments
• Ability to work onsite in Baltimore 2 days per week

Preferred Experience

• 10+ years of cybersecurity experience
• 8+ years of advanced offensive security experience
• Red team leadership experience
• Adversary emulation experience
• Phishing and social engineering simulation experience
• Purple team experience
• Zero Trust assessment or implementation experience
• Micro-segmentation and identity-centric control experience
• AWS or Azure security assessment experience
• Docker, Kubernetes, Infrastructure-as-Code, or CI/CD pipeline security testing experience
• Low-level development knowledge such as kernel, assembly, embedded systems, or exploit analysis
• Java or compiled-language source code review experience
• Federal or state government cybersecurity program experience
• FedRAMP, FISMA, or IRS Pub 1075 familiarity

Who Should Apply

Apply if you are a senior cybersecurity professional with deep hands-on offensive security experience and the ability to work in a regulated environment.

Please do not apply if you do not meet the minimum cybersecurity, penetration testing, scripting, reporting, and framework experience requirements.