Penetration Tester

Talentfish
Henrico, VA
June 2nd, 2026
Position: Offensive Security Consultant (Mid-Senior)
Location: United States - Remote
Employment Type: Full Time
Pay Range: $100k-$160k /yr base salary depending on experience/expertise

Key Responsibilities

- Conduct manual penetration testing across internal, external, and wireless networks, web applications, APIs, thick clients, cloud infrastructure, and
- Execute full-scope covert red team engagements, adversary simulations, assumed breach engagements, social engineering, and physical assessments
- Manage infrastructure necessary to conduct red team operations
- Develop custom proof-of-concept exploits and tooling when automated or existing tools are insufficient
- Produce clear, comprehensive technical reports and executive summaries that outline vulnerabilities, business impact, and remediation guidance
- Stay current on emerging threats, TTPs, and cyber security trends
- Contribute to penetration testing framework, including deliverables, custom script development, testing methods and techniques, and ongoing research
- Participate in project kickoff and report delivery meetings
- Lead by example in behavior, work ethic, and punctuality

Qualifications

- Minimum of 5-7 years of professional experience in hands-on manual penetration testing and/or red teaming
- Strong in either network or appsec, and passable on the other
- Skills-based industry certification (OffSec, Zero-Point Security, SEKTOR7, etc)
- Proficient with common industry tools and C2 frameworks
- Some level of scripting/coding proficiency
- Excellent ability to troubleshoot technical issues
- Exhibit extensive knowledge of industry standard penetration testing frameworks and methods (e.g., PTES, OWASP, MITRE ATT&CK)
- Strong organizational skills, including ability to deliver with minimal supervision
- Strong professionalism and speaking/writing skills
- Ability to multi-task without compromising deadlines and assignment

Preferred / Nice to Have

- Previous experience conducting penetration testing in a consulting capacity
- Working knowledge of PCI DSS, HIPAA, and SOC 1/2, and the ability to translate offensive security findings into compliance-relevant risk and
- Experience with malware development, C2 framework enhancements, and EDR evasion Science, Engineering or related discipline
- Desire to contribute to blog and/or speak at industry conferences on occasion

These are not tool-heavy, checkbox pentests. Our testers think and act like adversaries - endpoint evasion, privilege escalation, moving laterally, and chaining attacks until we hit business-critical objectives. We write narrative-driven reports that tell the full story from entry to impact, showing the path taken and the attacker mindset, and conveying the risks in a way that the client understands.

Automated tools, BAS platforms, and AI agents can tell you where the low-hanging fruit is. What they can’t do is think like an adversary, turning a series of small flaws into full-on breaches. That takes curious, disciplined, relentless humans… Hackers. We do pentests the way real attackers do, but with one purpose - to make our clients stronger, safer, and prepared for the real thing.