Penetration Tester (W-2 or 1099 | U.S.-Based)
About The Position
RSI Security is a cybersecurity advisory firm dedicated to helping organizations secure their environments, reduce risk, and stay compliant. Our team of specialized practitioners works hands-on with clients across multiple industries, delivering technical excellence with a service-first mindset. We are expanding our penetration testing bench and seeking a highly skilled Penetration Tester to support ongoing client engagements, including onsite assessments. The Penetration Tester executes advanced manual penetration testing across multiple disciplines, supports client engagements both remotely and onsite, and delivers accurate, actionable, and validated reporting. This role requires strong technical depth, disciplined follow-through, consultative communication, and consistent alignment with RSI methodologies and Core Values. W-2 and 1099 versions of the role share the same responsibilities; however, W-2 roles include scorecard metrics and quarterly Rocks, while 1099 contractors operate on a deliverables-based SOW model.
Requirements
- 3–7+ years of penetration testing experience
- Full-stack offensive testing skills (network, web, mobile, API, IoT, SE)
- Proficiency with Burp Suite, Nmap, Nessus, Metasploit, Wireshark, etc.
- Strong reporting and documentation skills
- Excellent client-facing communication
- Familiarity with OWASP, PTES, NIST SP 800-115, OSSTMM
- Ability to work independently
- Must be able to travel within the United States (non-negotiable)
- Must be U.S.-based
Responsibilities
- Manual Internal and External Penetration Testing
- Internal Segmentation Testing (lateral movement, trust boundary analysis)
- Web Application Penetration Testing (OWASP Top 10, business logic flaws)
- Mobile Application Penetration Testing (Android/iOS)
- API Penetration Testing (auth flows, token abuse, endpoint assessment)
- Social Engineering Penetration Testing (phishing, vishing, pretexting)
- Hardware/IoT Penetration Testing as needed
- Create detailed, validated, and remediation-focused penetration testing reports
- Present findings to both technical and non-technical stakeholders
- Maintain alignment with industry standards (NIST, PTES, OWASP, MITRE, etc.)
Benefits
- Unlimited flex vacation
- Paid parental leave
- 401(k) with 100% employer match
- Medical, dental, vision coverage
- Professional development & certification reimbursement
- Remote-first culture
- Flexible project-based or hourly contracting
- Remote work
- Access to RSI standards and methodologies
- Long-term contracting potential
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
