Job Details
Job Title: Penetration Tester
Location: Remote (U.S. Only)
Duration: Long-Term Contract
Work Authorization: Must be authorized to work in the U.S. without sponsorship
Job Description
We are seeking an experienced Penetration Tester to join our cybersecurity team on a long-term contract. The ideal candidate will have strong hands-on experience in web application and API security testing, along with exposure to red team or adversary simulation engagements. You will be responsible for identifying, exploiting, and clearly communicating security vulnerabilities to both technical and non-technical stakeholders.
Key Responsibilities
Conduct penetration testing on web applications and APIs.
Participate in red team engagements and adversary simulation exercises.
Identify and exploit security vulnerabilities including XSS, SQL Injection, CSRF, SSRF, authentication/authorization flaws, and business logic issues.
Utilize industry-standard tools such as Burp Suite, Nmap, Metasploit, and custom scripts.
Document findings clearly and present results to technical teams and business stakeholders.
Collaborate with security, engineering, and blue teams to improve overall security posture.
Required Qualifications
Bachelor’s Degree (required).
3+ years of hands-on penetration testing experience.
Strong understanding of OWASP Top 10 and common web attack vectors.
Proven experience testing web applications and APIs.
Excellent written and verbal communication skills.
Required Certifications:
OSCP (Offensive Security Certified Professional)
OSWE (Offensive Security Web Expert)
CRTO (Certified Red Team Operator)
Preferred Qualifications
Additional certifications such as OSWEP, CRTO, or eJPT.
Experience with cloud application security, mobile application testing, or social engineering.
Scripting or programming skills (Python, PowerShell, Bash, etc.).
Experience in purple team exercises and collaboration with blue teams.