Senior Penetration Testing Specialist
Listed on 2026-07-02
-
IT/Tech
Cybersecurity, IT Consultant, Data Security
Senior Penetration Testing Specialist
Join Aprio's Risk Advisory and Assurance Services Team and help clients maximize their opportunities. Aprio is a progressive, fast-growing firm looking for a Senior Penetration Testing Specialist to join their dynamic team.
Aprio is a top 20 CPA-led advisory firm that is passionate about "what's next." We are proud to be a "Best Place to Work" and have the highest ranking on Glassdoor among the top 50 public accounting firms. We are headquartered in Atlanta, GA, with over 1,200+ team members working in offices and virtually across the U.S. and internationally. Aprio serves national and international clients doing business in 50 countries with team members that speak more than 30 languages.
Aprio's IAS team serves leading technology service providers, from disruptive start-ups to global market leaders.
Our services include consulting, advisory, audits and examinations for other leading security and IT compliance standards and protocols such as: SOC 1, SOC 2, ISO 27001, ISO 27701, HITRUST, CMMC, FedRAMP, NIST CSF, GDPR, PCI DSS and others.
We are seeking an experienced Offensive Security and Penetration Testing professional to join our team and help us develop this service line from the ground up.
- We have great people dedicated to delivering a great client service experience,
- We are information security and compliance experts,
- We are committed to fostering a startup environment where teammates are rewarded for having a growth mindset.
Your Opportunities as a member of the Aprio Risk Advisory and Assurance Services team.
- Contribute to cutting-edge initiatives as we expand into CMMC, FedRAMP, PCI SSF, and work around other high performers developing custom software security solutions, offering opportunities to tackle unique security challenges in high-stakes, regulated industries.
- Work on diverse, high-impact projects across a number of teams and industries and take on the opportunity to build a team around you over time.
- Access unparalleled professional development through training, certifications, and hands-on experience with emerging technologies, ensuring you stay ahead in the rapidly evolving cybersecurity landscape.
- Enjoy a collaborative, innovative culture with competitive salary, comprehensive benefits, and flexible work arrangements, fostering both personal and professional growth.
Qualifications:
You are a great candidate for this role if you:
- Have experience with cloud infrastructure offensive security assessments (e.g., AWS, Azure, GCP), web application and API penetration testing, and traditional network penetration testing
- Are proficient in developing assessment documentation and documenting the results of your work
- Are familiar with penetration testing requirements for common security compliance frameworks (e.g., FedRAMP, PCI DSS, PCI SSF)
- Experience with Red-Team and Purple-Team engagements is a huge plus.
Candidates interested in the Role should possess the following:
- Minimum of 5 years' experience in penetration testing or a related cybersecurity role, with a focus on network, cloud infrastructure, web application, and API testing.
- Expertise in network penetration testing, including assessment of protocols (e.g., TCP/IP, DNS, VPN), firewalls, and intrusion detection/prevention systems.
- Hands-on experience with cloud security testing in platforms such as AWS, Azure, or GCP, and their cloud native solutions.
- In-depth knowledge of web application penetration testing, covering OWASP Top 10 vulnerabilities (e.g., SQL injection, XSS, CSRF) and secure coding practices.
- Strong proficiency in API security testing, including REST, SOAP, and GraphQL, with experience in identifying issues like broken authentication, excessive data exposure, and injection flaws.
- Familiarity with common penetration testing tools such as Burp Suite, Metasploit, Nmap, Nessus, Wireshark, and Kali Linux.
- Experience with scripting languages (e.g., Python, Bash, Power Shell) for automating tests or developing custom exploits.
- Understanding of secure development lifecycle (SDLC) and Dev Sec Ops practices to integrate security into CI/CD pipelines.
- Strong analytical and problem-solving skills, with the…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).