Senior Penetration Testing and Red Team Lead
Resume:
Marcellus A. Williams II
*** ******* ****, **** ******, MD 21060
*******************@*****.***
LinkedIn Profile
Objective
Experienced cybersecurity professional seeking a Senior, Principal Penetration Tester, or Red Team Lead position in Maryland, Northern Virginia, the Washington D.C. Area, or Remote. I have 8 years experience conducting Red Teaming Engagements as a Government Contractor/Civilian, and 10 years experience conducting Web Application/Network Penetration Testing. I have 4 years experience conducting Cloud Penetration Testing. I have 11 years experience in Cyber Security. I have 15 years of Information Technology Experience.
Skills & Certifications
Certifications:
o HackTheBox Certified Active Directory Pentesting Expert (2025) o HackTheBox Certified Penetration Testing Specialist (2025) o HackTheBox Certified Bug Bounty Hunter (2025)
o (ISC) Certified Information Systems Security Professional (CISSP) (2021- 2027)
o GIAC Network Penetration Tester (GPEN) (2022-2026) o GIAC Exploit Researcher and Advanced Penetration Tester (2024-2028) o HackTheBox AI Red Teamer Course (2025)
o Offensive Security Certified Professional Course (2024) o Virtual Hacking Labs Advanced+ (2025)
o Certified Ethical Hacker (2018-2027)
o Red Team Apprentice Certification (RTAC) K>FiveFour (2023) o GIAC Response & Industrial Defense Certification (GRID) (2024-2028) o GIAC Web Application Penetration Tester (2024-2028) o Security+ (2017-2026)
o Cisco Certified Network Associate (2021-2024)
o Certified Ethical Hacker Master (2020-2026)
o Army Cyber Threat Emulation Course (2020)
o Army Intermediate Cyber Core Course (2020)
o Cyberspace Response Actions (CsRA) (2021)
o Cyber Operations Officer Course (CyOOC) (2021)
o CMMC Registered Professional Course (2020)
o Cyber Officer Planning Course (COPC) (2021)
Penetration Testing Disciplines:
o Web Application, Network, API/Serverless, Wireless, and Cloud (AWS, Azure, GCP)
o Adversary emulation and risk/vulnerability assessments o Incident detection, response, malware analysis, and cyber forensics
Programming Languages:
o Java, JavaScript, AngularJS, HTML/CSS, Canvas, MySQL, C++, C, C#, Python, Ruby, NoSQL, Machine Assembly
Operating Systems:
o Windows, Linux, Android, iOS, Cisco, Red Hat, Unix o Cloud: AWS, Azure, GCP
Tools & Software:
o Binary Ninja, Cobalt Strike/Core Impact, Splunk, Security Onion, Kali Linux, Red Hat Enterprise Linux, Unix, PowerShell
o Metasploit, Burp Suite, Nessus, WebInspect, Scout Suite, PACU, AWS CLI, App Detective, Scuba
o Scripting/automation with Python, Bash, PowerShell o Google Cloud, Ghidra, Machine Learning, CyberPoint CATO Automated Offensive Tool
o Routers, Firewalls, Sniffers, Encryption Algorithms, Symantec Endpoint Protection
o Microsoft Project (GANTT Charts), Automation
Regulatory & Compliance
o Knowledge of NIST SP 800-53, 800-115, PTES, OWASP, ISSAF o HIPAA, HITECH
Other:
o Secure Coding, Web Application Vulnerability Analysis, Windows Exploit Development, Linux Exploit Development
Professional Experience
Senior Penetration Tester / Red Team Lead (Full Time) Guidehouse (Department of State Program), Beltsville, MD (SEP 2025 – Present)
I provide advanced penetration testing services for Department of State networks and cloud-hosted systems, using both manual and automated tactics, techniques, and procedures to identify exploitable vulnerabilities and measure compliance with organizational security policies.
I execute external and internal assessments by mimicking both outsider and insider threat actors, defining precise scope and Rules of Engagement, and working directly with client IT teams to ensure targeted and comprehensive testing.
I develop and execute Red Team operations focused on accessing high-value datasets, utilizing crafted phishing emails, exploit code, custom-built websites, and social engineering campaigns tailored to client environments.
I conduct network mapping, reconnaissance, and vulnerability analysis, and am responsible for drafting thorough test plans and securing management approvals in line with federal standards (NIST, FISMA, FedRAMP).
I analyze test results, prepare risk-based technical reports, and deliver actionable remediation recommendations to both technical and non-technical stakeholders.
I leverage my deep expertise in Windows, Linux, and macOS internals; Active Directory enumeration and exploitation; cloud platforms (AWS, Azure, GCP); and scripting/automation (Python, PowerShell, Bash) to address evolving threat landscapes and client mission objectives.
I regularly brief management and technical teams on findings and collaborate cross-functionally to improve the organization’s security posture while mentoring junior team members in advanced testing methodologies. Senior Penetration Tester/ Penetration Testing Subject Matter Expert (Full Time) Peraton, Linthicum Heights, MD (JAN 2025 – SEP 2025)
Lead delivery of penetration testing services for the Defense Industrial Base
(DIBNET) environments, covering web, network, API, and cloud engagements
(AWS, Azure, GCP)
Conduct network and web application tests, including manual and automated assessments with Kali, Nmap, Burp Suite, Metasploit, and Cobalt Strike
Conducted advanced phishing campaigns simulating nation-state adversaries and supported development of adversary emulation methodologies.
Deliver expert guidance to customers on penetration testing best practices, risk mitigation, and regulatory compliance
Perform adversary emulation, vulnerability research, and exploit development
Mentor team members and manage Adversary Emulation Team infrastructure
White-box and Black-box testing for Cleared Commercial clients
Develop and automate tools/scripts for exploitation and reconnaissance (Python, Bash, PowerShell)
SYNACK Red Team Member (Part Time)
SYNACK, Remote (SEP 2022 – PRESENT)
Provide vulnerability assessments and reporting for a range of commercial applications and systems
Conduct bug bounty investigations and remediation guidance Cyber Operator – Red Team/Penetration Tester (Full Time) Systems Application & Technologies, MD (AUG 2022 – JAN 2025)
Developed Cyber Threat Emulation TTPs for DoD Certified Red Teams
Conducted red team operations, white-box/black-box testing, custom exploit creation, and adversary simulations
Created custom exploits using Python Scapy and conducted penetration testing on aviation/navigation systems.
Participated in National Cyber Red Zone CTF, scoring 4400 out of 6000 points.
Specialized in aviation and navigation system testing Senior Penetration Tester (Full-Time Until August 2022, Part-Time Until July 2024) Edward’s Performance Solutions, Columbia, MD (FEB 2020 – JUL 2024)
Established and managed penetration testing programs for healthcare and education sectors
Created custom tools, trained junior staff, and performed full-scope penetration testing
Led continuous monitoring with Nessus and CyberPoint CATO platform
Completed a full-scope Penetration Test for an organization with 500+ web applications and 11,000 IPs.
Previous Roles:
Penetration Tester/Software Engineer, Department of Defense Cyber Defense Command (DCDC) (Jun 2019 – February 2020)
Cyber Security Engineer, Defense Information Systems Agency (Mar 2019 – Jun 2019; Oct 2017 – Mar 2019)
US Army Reserve Officer – Senior Network Analyst, Cyber Threat Emulator, North Central Cyber Protection Center (May 2015 – Present)
Cyber Security Engineer / Software Engineer/ Penetration Tester (Intern), Navy Exchange Command (May 2016 – Aug 2016)
Cyber Security Engineer (Intern), Defense Counterintelligence and Security Agency (DCSA) (May 2015 – Aug 2015)
Graduate Student Research Assistant/ Penetration Tester, Hampton University
(Sep 2015 – May 2016, Sep 2016 – May 2017)
Information Technology Assistant, Health Partners Home Health (Jul 2011 – Jul 2018)
Teacher's Assistant for Computer Science Courses, Hampton University (Sep 2010 – May 2013)
Education
Master’s Degree in Information Assurance
Hampton University, Hampton, VA (MAY 2017)
Bachelor’s Degree in Computer Science
Hampton University, Hampton, VA (MAY 2015)
Clearance
TS/SCI with CI Polygraph
Contact this candidate