Sr. Offensive Security Consultant

Position: Sr. Offensive Security Consultant – Web App/API

Location: United States – Remote

Employment Type: Full Time

Pay Range: $130k-$160k /yr base salary depending on experience/expertise

• Conduct web application and API penetration testing using a variety of manual methods, tools, and techniques
• Develop custom proof‑of‑concept exploits and tooling when automated or existing tools are insufficient
• Produce clear, comprehensive technical reports and executive summaries that outline vulnerabilities, business impact, and remediation guidance
• Stay current on emerging threats, TTPs, and cyber security trends
• Contribute to HALOCK’s penetration testing framework, including deliverables, custom script development, testing methods and techniques, and ongoing research
• Participate in project kickoff and report delivery meetings
• Model professional standards in client‑facing and internal communications, including being prepared, on time, and responsive during active engagements

• Minimum of 6-8 years of professional experience in hands‑on manual web application and API penetration testing across a variety of technologies
• Strong knowledge of web application and API security testing tools
• Skills‑based industry certification (e.g., OSWA, BSCP, ASCP, etc.)
• Demonstrated ability to develop custom tooling in Python, Bash, or similar
• Excellent ability to troubleshoot technical issues
• Exhibit extensive knowledge of industry standard penetration testing frameworks and methods (e.g., PTES, OWASP, MITRE ATT&CK)
• Strong organizational skills, including ability to deliver with minimal supervision
• Strong professionalism and speaking/writing skills
• Ability to multi‑task without compromising deadlines and assignment expectations
• Basic project management competencies such as following process and protocol for project delivery, ability to identify project risks, project multitasking, and ability to self‑manage when appropriate
• Ability to execute assessments as defined in project plans, within assigned budgets and due dates

• Previous experience conducting penetration testing in a consulting capacity
• Cross discipline experience in areas such as network penetration testing, adversarial engagements, mobile application testing, and/or source code review
• Working knowledge of PCI DSS, HIPAA, and SOC 1/2, and the ability to translate offensive security findings into compliance‑relevant risk and remediation guidance
• Formal education in Information Security, Information Technology, Computer Science, Engineering or related discipline
• Desire to contribute to HALOCK’s blog and/or speak at industry conferences on occasion

HALOCK offers excellent compensation and benefits packages including competitive bonus potential, training and paid certification opportunities, paid time off, health, dental, 401(k), long‑term disability, conference attendance, and more.

• HALOCK is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees.
• All candidates invited to interview will be required to sign a strict confidentiality and non‑disclosure agreement.
• Full background checks are performed, with consent, on all successful candidates before employment offers can be extended.
• US citizens and Green Card holders, EAD and TN are encouraged to apply. We are unable to sponsor H1 candidates at this time.
• No 3rd parties please. Individuals only need apply.