Immediate need for a talented Penetration Tester. This is a 12+ month contract opportunity with long-term potential and is located in the U.S. (Remote). Please review the job description below and contact me ASAP if you are interested.
Job ID: 26-20106
Pay Range: $80 - $90/hour. Employee benefits include, but are not limited to, health insurance (medical, dental, vision), 401(k) plan, and paid sick leave (depending on work location).
Key Responsibilities:
- Triage: Review and validate incoming vulnerability reports from Mythos; assess severity, exploitability, and business impact; de-duplicate and enrich findings with reproduction steps and evidence
- Retesting: Perform targeted retesting of remediated vulnerabilities to confirm fixes are effective and complete; document pass/fail results with technical evidence
- Tracking & Remediation Support: Monitor remediation timelines against SLAs; coordinate with development and infrastructure teams to ensure timely closure; escalate aging findings per policy
- Reporting: Maintain accurate records in the vulnerability management platform; produce weekly status reports on open/closed/overdue findings; contribute to executive-level metrics
- Collaboration: Partner with application security, DevOps, and engineering teams to provide remediation guidance and technical context for findings
- Process Improvement: Identify patterns in recurring vulnerabilities; recommend process or tooling improvements to reduce triage backlog
Key Requirements and Technology Experience:
- 3+ years of hands-on experience in penetration testing or offensive security testing
- 3+ years of hands-on penetration testing experience (web applications, APIs, infrastructure)
- Demonstrated experience triaging vulnerabilities at scale (CVSS scoring, CWE/OWASP classification, risk-based prioritization)
- Strong understanding of common vulnerability classes (OWASP Top 10, SANS Top 25) and remediation strategies
- Experience with vulnerability management platforms (e.g., Jira, ServiceNow, DefectDojo, or similar)
- Ability to write clear, reproducible proof-of-concept exploits and remediation validation reports
- Familiarity with SDLC integration and working directly with development teams on fix guidance
- Strong written and verbal communication skills; able to translate technical findings for varied audiences
- Relevant certifications: OSCP, GPEN, GWAPT, CEH, or equivalent
- Experience with bug bounty or crowdsourced vulnerability programs
- Familiarity with financial services regulatory requirements (PCI-DSS, FFIEC, SOX)
- Scripting/automation skills (Python, Bash, Burp extensions) for retesting workflows
- Experience with CI/CD pipeline security tooling (SAST/DAST integration)
- Burp Suite Professional, Nuclei, Caido
- Git-based workflows and code review
- Cloud platforms (AWS, Azure, Google Cloud Platform) security configurations
- Container/Kubernetes security fundamentals
Our client is a leader in the financial industry, and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration.
Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, colour, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
By applying to our jobs, you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy.