Senior Penetration Tester

Senior Penetration Tester

Location: Hybrid Waltham, MA (with occasional travel within the NY/NE region)
Job Type: Contract (6+ months)

About Us

STAFFXPERT LLC is a trusted staffing and consulting partner delivering top-tier talent across IT, cybersecurity, and engineering domains. We specialize in connecting highly skilled professionals with leading organizations to drive innovation, security, and business success.

Job Summary

STAFFXPERT LLC is seeking a Senior Penetration Tester on behalf of our client in Waltham, MA. This role is ideal for a highly skilled cybersecurity professional with deep hands-on experience across multiple testing domains. The selected candidate will be responsible for delivering comprehensive penetration testing across web applications, infrastructure, cloud environments, and APIs within both enterprise and operational technology (OT) environments.

Key Responsibilities

• Plan, scope, and execute penetration testing engagements across:

  • Web applications

  • Internal and external infrastructure

  • Cloud platforms and APIs

• Perform full lifecycle penetration testing, including scoping, execution, exploitation, reporting, and retesting

• Identify vulnerabilities, attack paths, and security weaknesses across complex environments

• Produce clear, actionable, and high-quality reports for both technical and non-technical stakeholders

• Collaborate with application, infrastructure, and security teams to support remediation efforts

• Contribute to the continuous improvement of testing methodologies, tools, and reporting standards

• Provide mentorship and guidance to junior penetration testers as needed

Required Qualifications

• 7+ years of hands-on experience in penetration testing

• Strong expertise in:

  • Web application security (aligned with OWASP Top 10)

  • Network and infrastructure security testing

  • Cloud security (e.g., AWS, Azure, or Google Cloud Platform)

  • API security testing

• Proven experience delivering end-to-end penetration testing engagements

• Solid understanding of common vulnerabilities, exploitation techniques, and attack methodologies

• Strong communication skills with the ability to present findings to diverse stakeholders

Preferred Qualifications

• Industry-recognized certifications such as OSCP, OSEP, OSWE, GIAC GPEN, or CISSP

• Experience with Operational Technology (OT) or ICS security environments

• Background in regulated industries or critical infrastructure

• Contributions to the cybersecurity community (research, tools, publications, or conference participation)

• Experience with red teaming or adversary simulation