This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Penetration Tester based in the United States.
This role sits at the heart of a mission-driven cybersecurity program focused on protecting critical digital infrastructure against evolving advanced threats. You will be joining a highly skilled security testing team responsible for enterprise-level penetration testing across web applications, APIs, and complex systems. The environment is fast-paced, technically demanding, and rooted in real operational impact, where your findings directly strengthen national-scale security resilience. You will work closely with engineers, system owners, and security stakeholders to uncover vulnerabilities and validate remediation efforts. The role blends hands-on offensive security work with analytical reporting and advisory responsibilities. It also requires continuous awareness of emerging threat landscapes and attack methodologies. This is an opportunity to apply deep technical expertise in a high-impact, security-sensitive setting where precision and clarity truly matter.
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Penetration Tester based in the United States.
This role sits at the heart of a mission-driven cybersecurity program focused on protecting critical digital infrastructure against evolving advanced threats. You will be joining a highly skilled security testing team responsible for enterprise-level penetration testing across web applications, APIs, and complex systems. The environment is fast-paced, technically demanding, and rooted in real operational impact, where your findings directly strengthen national-scale security resilience. You will work closely with engineers, system owners, and security stakeholders to uncover vulnerabilities and validate remediation efforts. The role blends hands-on offensive security work with analytical reporting and advisory responsibilities. It also requires continuous awareness of emerging threat landscapes and attack methodologies. This is an opportunity to apply deep technical expertise in a high-impact, security-sensitive setting where precision and clarity truly matter.
Accountabilities:
- Conduct end-to-end penetration testing on web applications, APIs, and backend systems, including authentication, authorization, and business logic testing
- Analyze system architecture, network behavior, and application workflows to identify exploitable weaknesses and security gaps
- Simulate advanced persistent threats and adversary tactics to assess system resilience and detection capabilities
- Document findings in detailed technical reports and communicate risks clearly to both technical and non-technical stakeholders
- Collaborate with engineering and security teams to support remediation, validation testing, and security improvement efforts
- Stay current with emerging vulnerabilities, exploit techniques, and offensive security methodologies
- Develop scripts and automation to enhance testing efficiency and repeatability where applicable
- Contribute to security research, proposal efforts, and enterprise cybersecurity initiatives
- 4–5+ years of experience in cybersecurity with at least 3 years focused on penetration testing, vulnerability assessment, or adversary simulation
- Strong understanding of OWASP Top 10, API Security Top 10, and common web and application attack vectors
- Hands-on experience with tools such as Kali Linux, Burp Suite, Metasploit, and related security frameworks
- Experience testing APIs and web services (REST, SOAP, JSON, XML, token-based authentication)
- Solid understanding of operating systems (Windows, Linux, macOS), Active Directory, and network protocols (TCP/IP, DNS, HTTP/S, etc.)
- Ability to produce clear, structured technical reports and communicate findings effectively to diverse audiences
- Familiarity with NIST and FISMA frameworks and compliance requirements
- Basic scripting/automation skills for security testing workflows
- Experience working in collaborative security environments (SOC, red team, or cyber defense operations)
- Bachelor’s degree in a related field or equivalent professional experience
- Active or obtainable Public Trust clearance required
- Remote-first work arrangement within the United States
- Competitive annual salary range: $115,000 – $150,000
- Opportunity to support high-impact national cybersecurity initiatives
- Exposure to advanced threat environments and enterprise-scale systems
- Collaborative, mission-driven security engineering culture
- Professional growth in offensive security and advanced penetration testing domains
- Eligibility for clearance sponsorship (subject to approval).
In this role, you will lead and execute advanced penetration testing activities across enterprise systems, with a strong focus on identifying vulnerabilities, validating security controls, and improving overall cyber defense posture.
Requirements
The ideal candidate brings strong hands-on penetration testing experience, deep technical security knowledge, and the ability to communicate complex findings clearly across teams.
Preferred qualifications include certifications such as OSCP, GPEN, GWAPT, CEH, or similar, as well as experience with exploit development, threat emulation, or advanced persistent threat analysis.