Senior Pentester

About The Position

Requirements

• Experience aligning engagement reporting with the MITRE ATT&CK framework.
• Experience briefing engagement results to 'C-suite' and executive level federal employees.
• A Red Team specific certification such as the CRTO or GRTP.
• 2+ years of experience performing adversary emulation against commercial or federal environments.
• 5+ years of experience penetration testing in one or more of these areas: Active Directory, web application, host, cloud, ICS/SCADA.
• Proven experience in bypassing industry WAF (e.g. Akamai, Cloudflare, F5).
• Proven experience in post-exploitation techniques (e.g. lateral movement, evasion, persistence, etc.).
• Experience with various command and control (C2) frameworks such as Cobalt Strike, Sliver, Merlin, etc.
• Familiarity with common cloud security vulnerabilities and exploit vectors (e.g. common misconfigurations, etc.).
• Experience with both assumed breach scenarios and scenarios where breaching the perimeter is required.
• Excellent written and verbal communication skills.
• Strong understanding of vulnerability classes (e.g., OWASP Top 10, CWE Top 25) and exploitation techniques.
• Experience with threat modeling methodologies: PASTA, TRIKE, STRIDE.
• Scripting or automation in Python, Bash, or PowerShell.
• Strong communication and technical documentation skills.
• Experience scoping penetration testing engagements.
• Experience briefing engagement results to different customer levels.
• Experience classifying vulnerabilities using CVSS.
• At least one advanced industry certification, i.e. OSCP, OSWE, OSEP.
• Candidates must be US citizens.

Nice To Haves

• Multiple advanced industry certifications (OSCP, GPEN, GWAPT, or CISSP, CISA, CRISC).
• Experience performing Red Team and Purple Team exercises.
• Experience coding in programming languages like C++, C, C#.
• A Security Clearance.

Responsibilities

• Participate in discussions with clients to learn about their environment and applications, learn about what they want tested, agree upon scope and Rules of Engagement, and organize test schedules.
• Conduct independent and collaborative penetration tests across infrastructure, web applications, mobile platforms, APIs, and cloud environments.
• Design and execute test plans simulating real-world adversarial behavior.
• Identify, exploit, and document vulnerabilities with technical detail, reproducible steps, and business impact analysis.
• Write professional reports including technical results, risk ratings, and mitigation recommendations.
• Translate technical findings into business impact and recommendations for security hardening.
• Track evolving TTPs, zero-day research, and attack surface changes relevant to client environments.

Benefits

• $125,000 - $185,000 Salary is determined by a combination of factors including location, level, relevant experience, and skills.
• The compensation package for this position may also include equity and benefits.