Security Consultant II; Thick Client Penetration Tester

Security Consultant II (Thick Client Penetration Tester)

NetSPI® pioneered Penetration Testing as a Service (PTaaS) and leads the industry in modern pen testing. Combining world‑class security professionals with AI and automation, NetSPI delivers clarity, speed, and scale across 50+ pentest types, attack surface management, and vulnerability prioritization. The NetSPI platform streamlines workflows and accelerates remediation, enabling our experts to focus on deep dive testing that uncovers vulnerabilities others miss.

Trusted by the top 10 U.S. banks and Fortune 500 companies worldwide, NetSPI has been driving security innovation since 2001.

NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer‑first mindset to join our team.

Join the mission as a Security Consultant II. We are seeking a skilled and detail‑oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. As a Penetration Tester supporting Thick client testing, you will be responsible for performing thick client, web and mobile penetration testing. You will work closely with clients to deliver clear, actionable reports and contribute to the development of security best practices.

• Conduct penetration testing engagements on the following service lines independently:
  • Thick Application Penetration Testing
  • Includes Web Application Penetration (WaPen) testing.
  • Occasionally includes Mobile (MaPen) and IOT/embedded penetration testing.
• Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client‑specific processes, reporting standards, and access protocols to help improve their security posture.
• Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes.
• Perform administrative tasks related to day‑to‑day consulting activities to ensure smooth business and engagement operations.

• Bachelor’s degree or higher required, with a concentration in Computer Science, Engineering, Math, or IT preferred, or equivalent experience.
• Minimum of 3‑4 years of work experience in Thick Application Penetration Testing for applications written in Java, C#, C, C++, Swift, Rust, etc. code.
• Experience with offensive toolkits used in web application penetration testing.
• Experience with disassemblers and debuggers like Win Dbg, IDA, Ghidra, etc.
• Experience with dynamic instrumentation toolkits like Frida.
• Familiarity with offensive tools (e.g., Kali Linux, Burp Suite, Metasploit, Nessus).
• Familiarity with offensive and defensive IT concepts and protocols.
• Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks.
• Working knowledge of Windows, Linux and MacOS operating systems internals.
• Ability to work independently and as part of a team.
• Proficient communication skills, both written and verbal.
• This position requires an 8‑hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs.

• Experience performing fuzz testing.
• Ability to reverse engineer proprietary application layer protocols.
• Experience with IOT/embedded penetration testing.
• Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#).
• Offensive Security Certifications (e.g., GWAPT, GPEN, GXPN, OSWE, OSCP, OSCE).

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

• Mid‑Senior level

• Full‑time

• Information Technology

• Computer and Network Security