Penetration Tester

Jobgether · US

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Penetration Tester based in the United States.

This role focuses on strengthening the security posture of complex systems by identifying vulnerabilities across web applications, networks, and cloud environments.
You will lead and execute full-scope penetration testing engagements, working closely with development, product, and engineering teams to uncover risks and recommend practical remediation strategies.
The position plays a critical role in ensuring the security, resilience, and compliance of both commercial and federal systems.
You will operate in fast-paced consulting environments where you manage testing activities end-to-end, from planning and scoping through reporting and client delivery.
A strong emphasis is placed on hands-on technical expertise, clear communication, and the ability to translate findings into actionable security improvements.
You will also contribute to client advisory work, helping shape secure architectures and respond to emerging threats.
This is a part-time, U.S.-based consulting role supporting high-impact cybersecurity initiatives across diverse environments.

Accountabilities:

  • Plan, execute, and deliver end-to-end penetration testing engagements across web applications, networks, cloud, and internal/external environments.
  • Identify, validate, and document security vulnerabilities, providing clear remediation guidance and risk-based recommendations.
  • Collaborate with development, engineering, and product teams to integrate security testing into the software lifecycle and resolve identified issues.
  • Translate customer requirements into technical penetration testing approaches, estimates, and delivery plans.
  • Prepare detailed reports, briefing materials, and documentation summarizing findings, risks, and mitigation strategies.
  • Support the development and review of statements of work, proposals, and change requests for security consulting engagements.
  • Advise stakeholders on emerging threats, security best practices, and architectural improvements for cloud and web-based systems.
  • Contribute to continuous improvement of penetration testing methodologies and consulting delivery processes.

Requirements:

  • 5+ years of hands-on experience in penetration testing or ethical hacking roles.
  • Strong understanding of OWASP Top 10, common vulnerability classes, and modern attack vectors.
  • Experience performing white-box, black-box, internal, and external penetration testing across web, network, and application environments.
  • Familiarity with methodologies such as OSSTMM, PTES, OWASP, NIST, and FedRAMP guidelines.
  • Proficiency with operating systems including Windows, Linux, and macOS command-line environments.
  • Experience with scripting languages such as Python, Bash, PowerShell, or similar.
  • Hands-on experience with security tools such as Burp Suite, Metasploit, Nmap, Nessus, SQLmap, or equivalent.
  • Strong ability to document findings and communicate technical risks to both technical and non-technical stakeholders.
  • Excellent organizational, problem-solving, and time-management skills in fast-paced consulting environments.
  • Relevant certifications such as Security+, CEH, GPEN, OSCP, or cloud security credentials are preferred.
  • Bachelor’s degree in a related field or equivalent practical experience.

Benefits:

  • Competitive hourly rate: $50–$85/hr (contract-based), depending on experience and qualifications.
  • Remote consulting engagement within the United States.
  • Opportunity to work on high-impact federal and commercial cybersecurity projects.
  • Exposure to advanced penetration testing tools, methodologies, and enterprise environments.
  • Flexible part-time consulting structure with project-based assignments.
  • Potential for contract extension based on performance and project needs.
  • Equal opportunity, merit-based hiring process.

Security pay context

Based on 1,609 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $179K (10th–90th percentile: $93K–$215K).
