More jobs:
Penetration Tester
Job in
Chicago, Cook County, Illinois, 60290, USA
Listed on 2026-05-24
Listing for:
New York Technology Partners
Full Time
position Listed on 2026-05-24
Job specializations:
-
IT/Tech
Cybersecurity, Security Manager
Job Description & How to Apply Below
- Conduct adversary emulation exercises based on realistic threat scenarios, tactics, techniques, and procedures.
- Perform penetration testing against web applications, APIs, networks, cloud environments, containers, and internal systems.
- Emulate attacker behavior to test the effectiveness of security controls, logging, alerting, and response processes.
- Identify, validate, and document exploitable vulnerabilities across applications, infrastructure, and cloud services.
- Safely exploit vulnerabilities to determine real-world impact and business risk.
- Assess authentication, authorization, access control, privilege escalation, lateral movement, and data exposure risks.
- Test cloud environments, including AWS IAM permissions, security groups, container workloads, Kubernetes, and EKS where applicable.
- Support validation of security detections and incident response playbooks by simulating relevant attack paths.
- Prepare detailed reports that include findings, evidence, risk ratings, attack paths, impact, and remediation guidance.
- Present findings to technical and non-technical stakeholders.
- Partner with engineering, Dev Ops, infrastructure, and security teams to verify remediation.
- Support vulnerability management by validating scanner findings and reducing false positives.
- Maintain awareness of emerging attacker techniques, exploit methods, cloud threats, and security testing tools.
- Follow approved rules of engagement to ensure testing is controlled, authorized, and does not disrupt production systems.
- 4+ years of hands-on experience in penetration testing, adversary emulation, red team operations, security assessment, or offensive security.
- Experience testing web applications, APIs, networks, cloud environments, and internal infrastructure.
- Familiarity with common security testing tools such as Burp Suite, Nmap, Metasploit, Nessus, sqlmap, Wireshark, or similar.
- Understanding of common vulnerabilities such as SQL injection, XSS, SSRF, IDOR, authentication bypass, privilege escalation, insecure deserialization, and misconfiguration.
- Knowledge of Linux, Windows, networking, TCP/IP, DNS, HTTP/S, identity systems, and common enterprise security controls.
- Familiarity with MITRE ATT&CK, OWASP Top 10, and secure configuration practices.
- Ability to write clear, actionable reports with practical remediation recommendations.
- Strong communication skills and the ability to explain technical risk to both technical and non-technical audiences.
- Certifications such as OSCP, PNPT, GPEN, GWAPT, eJPT, CRTO, CEH.
- Experience with AWS, Azure, or Google Cloud security testing.
- Experience with Kubernetes, Docker, containers, or EKS security.
- Familiarity with AWS Guard Duty findings and cloud incident response workflows.
- Experience with detection engineering, SIEM validation, or purple team exercises.
- Experience with source code review or secure SDLC practices.
- Familiarity with compliance frameworks such as SOC 2, ISO 27001, PCI DSS, HIPAA, or NIST.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×