Role: Penetration Tester / Offensive Security Specialist
Location: Remote (Preferably Dallas, TX)
Penetration Testing and Offensive Security Specialist to lead and execute advanced adversarial simulations across enterprise environments. The role focuses on identifying exploitable weaknesses across network, application, cloud, human, and physical layers, emulating real-world attacker techniques.
The ideal candidate will bring hands-on expertise in multi-vector penetration testing, red teaming, exploit development, and adversarial simulation, with the ability to provide actionable remediation insights to strengthen enterprise security posture.
Keyword''s
Penetration Testing & Red Team Operations
Exploitation & Vulnerability Analysis
Social Engineering & Human Layer Testing
Preferred Skills: Multi-vector penetration testing (Network, Web, Cloud, Mobile, Wireless, Physical)
Must Have*
Red teaming and adversary emulation
Exploit execution and vulnerability validation
Good to have
Investigations and compromise assessments
Threat Intelligence and IOC analysis
Experience participating in Red Team vs Blue Team or Purple Team exercises
Certifications
Offensive Security Certified Professional (OSCP)
Certified Ethical Hacker (CEH)
GIAC Security Essentials (GSEC)
Other advanced Red Team or exploit development certifications are a plus
Key Responsibilities
1. Penetration Testing & Red Team Operations
Conduct end-to-end penetration testing engagements, including:
Internal network assessments
External perimeter testing
Web application and API security testing
Cloud and container security testing
Mobile (iOS) and thick client application assessments
Wireless infrastructure testing
Execute advanced attack simulations to emulate real-world adversary tactics
2. Exploitation & Vulnerability Analysis
Identify, validate, and exploit vulnerabilities using techniques such as:
SQL Injection
Cross-Site Scripting (XSS)
Privilege Escalation
Credential harvesting and manipulation
Perform:
Vulnerability chaining and lateral movement simulations
Post-exploitation persistence and privilege escalation
Provide risk-rated findings with clear remediation guidance
3. Social Engineering & Human Layer Testing
Design and execute social engineering campaigns, including:
Phishing and spear-phishing
Smishing and pretexting
Assess organizational resilience to human-centric attacks
4. Red Team Automation & Tool Development
Develop and maintain:
Custom exploitation scripts and toolkits
Automation workflows for reconnaissance and exploitation
Leverage:
Python scripting and Linux toolchains
AI/GenAI-assisted tooling for attack simulation and reconnaissance
5. Offensive Intelligence & Reconnaissance
Perform OSINT-based reconnaissance, including:
Target profiling and attack surface discovery
Dark web and surface web intelligence gathering
Utilize tools such as:
Nmap, Wireshark
Threat intelligence platforms (e.g., Recorded Future or equivalents)
6. Purple Teaming & Validation Support
Collaborate with defensive teams to:
Validate detection and response capabilities
Simulate attack scenarios and measure control effectiveness
Support:
Breach simulations
Ransomware scenario testing
Required Skills & Experience
Core Technical Skills
Proven experience in:
Multi-vector penetration testing (Network, Web, Cloud, Mobile, Wireless, Physical)
Red teaming and adversary emulation
Exploit execution and vulnerability validation
Strong understanding of:
MITRE ATT&CK framework
Modern attack techniques and threat actor TTPs
Tools & Technologies
Hands-on expertise with:
Nmap, Wireshark, Burp Suite, Metasploit (or similar toolsets)
Experience with:
Web application security tools
Network and protocol analysis tools
Automation & Scripting
Strong development experience in:
Python
Linux environments
Ability to build:
Custom scripts, payloads, and automation frameworks