Penetration Tester
Listed on 2026-02-14
IT/Tech
Cybersecurity
Position: Offensive Security Consultant (Mid-Senior)
Location: United States - Remote
Employment Type: Full Time
Pay Range: $100k-$160k /yr base salary depending on experience/expertise
Key Responsibilities
- Conduct manual penetration testing across internal, external, and wireless networks, web applications, APIs, thick clients, cloud infrastructure, and
- Execute full-scope covert red team engagements, adversary simulations, assumed breach engagements, social engineering, and physical assessments
- Manage infrastructure necessary to conduct red team operations
- Develop custom proof-of-concept exploits and tooling when automated or existing tools are insufficient
- Produce clear, comprehensive technical reports and executive summaries that outline vulnerabilities, business impact, and remediation guidance
- Stay current on emerging threats, TTPs, and cyber security trends
- Contribute to penetration testing framework, including deliverables, custom script development, testing methods and techniques, and ongoing research
- Participate in project kickoff and report delivery meetings
- Lead by example in behavior, work ethic, and punctuality
- Minimum of 5-7 years of professional experience in hands-on manual penetration testing and/or red teaming
- Strong in either network or appsec, and passable on the other
- Skills-based industry certification (OffSec, Zero-Point Security, SEKTOR7, etc.)
- Proficient with common industry tools and C2 frameworks
- Some level of scripting/coding proficiency
- Excellent ability to troubleshoot technical issues
- Exhibit extensive knowledge of industry standard penetration testing frameworks and methods (e.g., PTES, OWASP, MITRE ATT&CK)
- Strong organizational skills, including ability to deliver with minimal supervision
- Strong professionalism and speaking/writing skills
- Ability to multi-task without compromising deadlines and assignment
- Previous experience conducting penetration testing in a consulting capacity
- Working knowledge of PCI DSS, HIPAA, and SOC 1/2, and the ability to translate offensive security findings into compliance-relevant risk and
- Experience with malware development, C2 framework enhancements, and EDR evasion
- Science, Engineering or related discipline
- Desire to contribute to blog and/or speak at industry conferences on occasion
These are not tool-heavy, checkbox pentests. Our testers think and act like adversaries - endpoint evasion, privilege escalation, moving laterally, and chaining attacks until we hit business-critical objectives. We write narrative-driven reports that tell the full story from entry to impact, showing the path taken and the attacker mindset, and conveying the risks in a way that the client understands.
Automated tools, BAS platforms, and AI agents can tell you where the low-hanging fruit is. What they can’t do is think like an adversary, turning a series of small flaws into full-on breaches. That takes curious, disciplined, relentless humans… Hackers. We do pentests the way real attackers do, but with one purpose - to make our clients stronger, safer, and prepared for the real thing.