584 Penetration Tester jobs in the United States

Base pay range

$140,000.00/yr - $170,000.00/yr

Under the direction of the Manager of Information Security, the Penetration Test Engineer will protect the company and its subsidiaries from cyberattacks, safeguarding sensitive data, the company brand, and business operations. This critical role includes performing penetration tests, identifying vulnerabilities, conducting risk assessments, developing and testing incident response procedures, and collaborating with internal and external teams to enhance companywide security posture.

• Conduct penetration tests across web/business applications, servers, APIs, mobile apps, networks, cloud environments, and connected vehicles.
• Document vulnerabilities with technical reports detailing risk levels and remediation recommendations.
• Lead or participate in all phases of penetration testing: Reconnaissance, Scanning, Vulnerability Assessment, Exploitation, Remediation, and Reporting.
• Develop and maintain security incident response policies; lead table-top exercises and forensic investigations.
• Stay current on emerging security threats and the tools/methods to mitigate them.
• Collaborate with business units and external service providers to implement security enhancements.

• Bachelors degree or equivalent experience in information security; advanced degrees or certifications a plus.
• 8+ years in organizations with mature security practices.
• 3+ years conducting hands-on penetration tests and vulnerability management; Red Team experience preferred.
• 3+ years in information security incident response, cybersecurity, or IT risk management.
• Experience with security auditing, compliance regulations, and evidence collection.
• Experience in penetration testing on vehicles is a plus.
• Success in CTF competitions and/or bug bounty programs is highly desirable.
• Skilled in IT infrastructure, security components, scripting (Python), and penetration testing tools (Burp Suite, Kali Linux, Metasploit, John the Ripper, Nmap, Wireshark, OWASP ZAP, Aircrack-ng, Tenable Nessus, etc.).
• Excellent communication, leadership, and organizational skills.

• High emotional intelligence for effective collaboration and stakeholder communication.
• Proactive, self-motivated, and able to lead multiple concurrent initiatives.
• Expertise in SIEM, attack chains, emerging threats, and security monitoring best practices.

• Work in a fast-paced, innovative environment shaping the future of mobility.
• Competitive compensation and benefits package.
• Opportunities for professional growth and cross-functional collaboration.

• Full-time

• Quality Assurance and Engineering

• Motor Vehicle Manufacturing, Information Services, and Technology, Information and Media

Computer Futures is a leading IT recruitment consultancy, specializing in placing IT experts in permanent and contract roles across the US, Europe, and Asia.

With a proven track record in IT recruitment, we enjoy success within all sectors and business types, placing a candidate every 38 minutes. From single job vacancies to large-scale projects, our proficiency in providing exceptional professionals across the board has carved our reputation as a secure and significant supplier partner.

A robust and financially strong business, we have grown organically from our first office in London in 1986, to 7 offices across the US including: New York, Boston, Chicago, San Diego, San Francisco, Houston, and Austin. We also have 18 offices in Europe including: Amsterdam, Brussels, Dublin, Edinburgh, Frankfurt, Hamburg, Munich and Paris.

Passionate about recruitment, our 350+ specialist IT recruitment consultants' priority is to secure the right person for the right role, within a specified timeframe and budget. Through Computer Futures' methodology, our consultants who are there to help provide you with the best service and support whatever your IT requirement is we pride ourselves on our quality of candidates, our speed of delivery and the ability to provide a bespoke service to meet our individual clients' recruitment needs.

-Min 3 years of experience penetration/vulnerability testing for web and applications in an enterprise environment

-Automated and manual testing experience

-Strong understanding of web technologies, e.g. HTTP, HTML, CSS, Forms, Database Connectivity, etc.

-Understanding of compliance and regulatory requirements such as PCI DSS, SOX, HIPAA, etc.

James Benjamin H. Ilagan

Computer Futures

Newark, United States | Posted on 01/10/2025

We are seeking a highly skilled and experienced Senior Penetration Tester to join our cybersecurity team. This individual will lead complex penetration testing activities, conduct advanced red team engagements, and thoroughly assess our clients networks, applications, and systems for vulnerabilities. The ideal candidate is a seasoned security professional with a passion for uncovering weaknesses before adversaries can exploit themand a knack for communicating technical findings to both technical and non-technical audiences.

Advanced Penetration Testing

• Execute sophisticated penetration tests against web applications, networks, cloud environments, and mobile platforms.
  
• Perform in-depth reconnaissance, exploit development, and post-exploitation activities to fully gauge security weaknesses.
  
• Collaborate with stakeholders to identify high-risk areas and design targeted testing strategies.
  
• Evaluate potential attack vectors, assess impact, and prioritize remediation steps based on industry best practices.
  

Red Team Engagements

• Plan and lead complex red team operations, simulating real-world attack scenarios that encompass social engineering, physical intrusion, and cyber infiltration tactics.
  
• Coordinate with purple team exercises to help stakeholders detect, respond to, and recover from simulated attacks.
  

Reporting & Documentation

• Prepare clear, detailed reports outlining findings, remediation guidance, and risk assessments.
  
• Communicate results effectively to executives, security teams, and developers, ensuring stakeholders fully understand threats and mitigation strategies.
  

Technical Leadership & Mentorship

• Serve as a subject matter expert for junior testers, guiding them in methodologies, tooling, and emerging threat techniques.
  
• Stay current with new offensive security tools, vulnerability trends, and threat landscapes, sharing knowledge to enhance team capabilities.
  

Security Program Enhancement

• Advise clients and internal teams on best practices for security architecture, secure coding standards, and incident response.
  
• Contribute to the continuous improvement of penetration testing methodologies, processes, and internal tools.
  

Education & Certifications

• Bachelors degree in Computer Science, Cybersecurity, or equivalent work experience.
  
• Relevant certifications such as OSCP, OSCE, GPEN, GXPN, or CEH strongly preferred.
  

Experience

• Minimum of 5 years hands-on penetration testing experience, with a proven track record of finding complex vulnerabilities.
  
• In-depth knowledge of common frameworks (OWASP Top 10, MITRE ATT&CK, NIST) and industry-standard tools (Burp Suite, Metasploit, etc.).
  
• Experience with programming/scripting in languages such as Python, Go, or PowerShell for exploit development and automation.
  

Security Clearance

• Current or active government security clearance is strongly preferred .
  
• Applicants able to obtain or maintain a clearance may also be considered.
  

Technical & Soft Skills

• Proficiency in network protocols, operating systems (Windows, Linux, macOS), and cloud environments (AWS, Azure, GCP).
  
• Familiarity with containerized environments (Docker, Kubernetes) and DevSecOps principles.
  
• Strong analytical and problem-solving abilities, with excellent attention to detail.
  
• Effective communication and presentation skills for delivering technical results to non-technical audiences.
  

• Adaptability Able to quickly pivot to new technologies, frameworks, and attack vectors.
  
• Collaboration Comfortable working cross-functionally and guiding teams through advanced security scenarios.
  
• Curiosity Passion for researching cutting-edge offensive security tactics and pushing boundaries to identify critical vulnerabilities.
  

• Expertise in web application security testing
• Experience in security testing with SAST, SCA, DAST, IAST, Fuzz and penetration testing tools
• Expertise in mobile application security testing
• Expertise in Web application firewall
• Hands-on experience with DevSecOps tools and practices, including static code analysis, security scans, and automated testing.
• Understanding of application security standards such as OWASP ASVS/Top 10 and CWE 25
• Ability to Client and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
• Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
• Experience with security tools like Fortify, CheckMarx, VeraCode, BurpSuite, Snyk, Nessus
• Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk
• Strong knowledge of cryptography, API security, and secret management
• Security certifications such as OSCP
• Excellent interpersonal and communication skills, with the ability to work effectively with all levels of management.
• Knowledge of payments domain

Imagine One is currently seeking multiple candidates for positions supporting the U.S. Navy at Naval Surface Warfare Center Dahlgren Division (NSWCDD). We are looking for Senior Penetration Tester to provide engineering support for Cyber Situational Awareness (SA), Cyber Command and Control (C2), Mission Assurance, and Homeland Defense in Virginia Beach, Virginia. Work will be performed on-site in Virginia Beach, Virginia.
Experience Requirements:
The Senior Penetration Tester shall have experience with technical processes and technical management processes in support of comprehensive test and evaluation associated with test support, operational verification of installations and support efforts for Developmental Test and Evaluation (DT&E), Operational Test and Evaluation (OT&E), and Penetration testing (PEN testing) to include the following duties:

• Provide support by utilizing experience working with Entra ID (Azure AD), Active Directory, SSO, MFA, Azure application integration, Identity Federation
• Provide support by utilizing experience in automation using PowerShell, PowerAutomate, Logic Apps, Graph API
• Provide support by utilizing experience working with Microsoft Entra ID and Microsoft 365 in a hybrid environment
• Provide support by utilizing experience extending or integrating on premises AD with Entra ID
• Provide support by utilizing experience managing identity and access in Microsoft Entra ID
• Provide support by utilizing experience conducting Red Team operations in an MDE environment
• Provide support by utilizing experience with AWS, Cloud Audit, Serverless and Microservice Architecture
• Provide support utilizing experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those service
• Provide support by performing web application and API penetration testing, and Cloud Security Audits
• Provide support by utilizing experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g., OAuth2, SAML, LDAP)
• Providing support by writing proof of concept code to demonstrate the severity of a potential security issues
• Provide support by utilizing working knowledge with scripting languages (e.g., Python, Perl, PHP, Ruby)
• Provide support by utilizing working knowledge with Programming language (e.g., C, Java, Python, JavaScript)

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS; Minimum of 3 years with PhD
• Shall have a minimum of five (5) years of experience in penetration testing and/or offensive Cyber operations
• Shall have demonstrated experience utilizing penetration tools
• Shall have demonstrated experience in mimicking threat behavior
• Demonstrated experience performing vulnerability assessments with the Assured Compliance Assessment Solution tool
• Demonstrated experience with performing STIG assessments to include using SCAP benchmarks
• Demonstrated experience utilizing packet analyzer tools such as Wireshark and tcpdump
• Certifications: CEH or GSEC or Security+
• Minimum certification as 541 (or similar as required by the Technical Instruction) at the Intermediate level per DoDD , or successor
• Offensive Security Certified Professional (OSCP) or Offensive Security Certified Expert (OSCE) or Offensive Security Exploitation Expert (OSEE) or Offensive Security Wireless Professional (OSWP) certification required
• Ability to travel up to 10 percent

• ACTIVE Top Secret/SCI DoD Clearance Required (no interim)

At accentedge , we are at the forefront of cybersecurity and digital transformation, helping healthcare organizations and other critical industries protect their data and systems from sophisticated threats. Based in Chicago, we are expanding our cybersecurity team and looking for a highly skilled Penetration Tester to help secure healthcare networks, applications, and infrastructure.

Requirements

Key Responsibilities:

• Ethical Hacking : Conduct ethical hacking and simulate real-world attacks on hospital systems, networks, and applications to uncover vulnerabilities.

• Penetration Testing : Perform in-depth penetration testing on healthcare systems, including network infrastructure, web applications, and medical devices.

• Vulnerability Identification : Identify and exploit vulnerabilities to simulate potential cyberattacks, providing a realistic assessment of security weaknesses.

• Documentation and Reporting : Prepare detailed reports on test findings, highlighting vulnerabilities and providing actionable recommendations for remediation.

• Collaboration : Work closely with network, application, and security teams to address identified vulnerabilities, ensuring that risks are mitigated effectively.

• Continuous Learning : Stay updated on the latest hacking techniques, attack vectors, and security trends to ensure cutting-edge penetration testing methodologies.

Qualifications:

• Experience : 3+ years of experience in penetration testing, with a focus on healthcare or other highly regulated industries.

• Technical Expertise : Proficiency in penetration testing tools such as Metasploit , Burp Suite , Kali Linux , and Wireshark .

• Certifications : Industry-recognized certifications such as OSCP (Offensive Security Certified Professional) , CEH (Certified Ethical Hacker) , or GPEN (GIAC Penetration Tester) are highly preferred.

• Analytical Skills : Strong problem-solving skills and the ability to think creatively to identify and exploit vulnerabilities.

• Communication : Excellent communication skills with the ability to convey complex technical findings in clear and actionable reports.

• Teamwork : Ability to work in a collaborative environment and interact with different teams to improve overall security posture.

Benefits

Why Join accentedge?:

• Join a rapidly growing cybersecurity firm that is making a difference in healthcare and critical infrastructure.

• Competitive salary and benefits package, including healthcare, retirement plans, and professional development opportunities.

• A collaborative and innovative work environment that fosters continuous learning and advancement.

• The opportunity to work with cutting-edge technologies and contribute to securing critical healthcare infrastructure.

Equal Opportunity Employer :

accentedge is committed to creating an inclusive environment for all employees and is proud to be an equal opportunity employer.

Marathon TS is looking for a Penetration Tester to support our government client. The Penetration Tester will:

• Conduct highly complex offensive security operations testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk.
• Apply sound technical and management principles to identify and remediate cybersecurity --vulnerabilities across the State Department global IT enterprise infrastructure
• Apply organizational and process change principals
• Evaluate system performance results, perform risk assessments, and evaluate performance metrics.
• Responsibilities include:
• Provide ad-hoc penetration testing and assessment services on Department of State systems identified by the leadership.
• Develop, Identify and resolve security vulnerabilities related to deployment and testing processes
• Streamline and optimize processes and procedures in order to rapidly remediate vulnerabilities from cybersecurity threats
• Collaborate with Department and external cyber stakeholders on cybersecurity technology implementations to meet specific operational needs.
• Perform technical evaluations of recommended vulnerability mitigation actions and make recommendations based on impact and/or other countermeasures.
• Develop strategies for CIC cyber defense technologies, ensuring integration and alignment for continued operation.
• Conduct assessments of threats and vulnerabilities; determine deviations from acceptable configurations, enterprise, or local policy; assess the level of risk; and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations
• Network Mapping include but are not limited to a network map of the organization's system that includes a visual representation of the organization's physical devices and digital network.
• Perform operation and maintenance activities in support of existing CIC cyber tools and technologies (MSV, Qualys, Tenable Nessus and others).
• Identify, diagnose, and prioritize anomalies in cyber defense infrastructure and resources.
• Perform cybersecurity testing of developed applications and/or systems. Identify and direct the remediation of technical problems encountered during testing and implementation of new systems.
• Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders.

• 4 years Microsoft Operating Systems (OS) engineering and support experience focusing on Active Directory (AD), System Center Configuration Manager (SCCM), System Center Operations Manager (SCOM)
• 4-6 years Network penetration testing experience
• In-depth experience in planning, implementing, and managing large/global enterprise infrastructures
• Familiarity of various analytical tools (Splunk, USBDeview, Netwitness, MimiKatz)
• Understanding of Security Information and Event Management (SIEM) tools (Splunk, McAfee)
• Familiarity of Cobalt Strike, Nessus, Kali Linux, Burp Suite, Nmap and OpenVAS for databases
• Knowledge of general attack stages
• Skill in the use of social engineering techniques and using penetration testing tools
• Familiarity with OMB, NIST, Client, and related security guidelines and directives
• Interpersonal skills including the ability to collaborate effectively, and excellent written and oral communications
• Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Server/endpoint OS (Microsoft, Linux, IOS) along with mobile and cloud technologies.
• Cloud application security, Vulnerability Management and Security Information, and Event Management capabilities.
• Knowledge of identity and access management solutions (MFA, PKI, SAML, etc.)
• Countermeasures / mitigations to identified cybersecurity risks.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), domain name system, and directory services
• Ability to generate and implement capabilities to monitor organization's network in real-time
• Ability to provide Vulnerability Scanning Risk Assessment
• Information protection technologies (e.g., firewalls, antivirus, threat protection, servers, routers, and others as appropriate).
• Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)
• Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.)

Phoenix Cyber is looking for a Penetration Tester to join our client delivery team. This is onsite at the client location in Chandler, AZ.  

Requirements: 

• Candidates must possess demonstrated experience planning and conducting penetration tests against networks and web applications.
• Solid understanding of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, covert channels, and data exfiltration.
• Perform infrastructure penetration testing to discover and exploit vulnerabilities to test the effectiveness of the organization’s security posture.
• Perform web application penetration testing to identify and exploit OWASP Top 10 web application vulnerabilities.
• Leverage threat intelligence to emulate known threat actors’ tactics, techniques, and procedures. Expertise with tools such as Bloodhound, Burp Suite, Cobalt Strike, Metasploit, and Mimikatz.
• Develop process automation and penetration testing scripts.
• Partner with various cybersecurity teams to improve automation and detection of threat actors.
• Engage with technical and non-technical audiences to articulate both techniques and results.

Requirements:

• At least five (5) years of pen test experience
• Knowledge of red, blue, and purple team assessments
• Experience with OSSTMM, OWASP, NIST, PTES, ISSAF methodologies
• Experience with a variety of toolsets for gathering information and conduct comprehensive penetration tests
• Must have at least a CEH, PenTest+, or GPEN certification in addition to one of the following certifications: GXPN, OSCP, CRTOP, CMWAPT, CEPT, CPT, LPT or other similar certifications as approved by the Government (e.g., C|PENT)
• Secret Clearance 

Phoenix Cyber is a national provider of cybersecurity engineering services, operations services, sustainment services and managed security services to organizations determined to strengthen their security posture and enhance the processes and technology used by their security operations team.

Phoenix Cyberis an equal opportunity employer and complies with Executive Order 11246, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veteran's Readjustment Assistance Act (VEVRAA), all amendments to these regulations, and applicable executive orders, federal, and state regulations. Applicants are considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, and/or veteran status.

Phoenix Cyber participates in E-Verify to confirm the employment eligibility of all newly-hired employees. To learn more about E-Verify, including your rights and responsibilities, go to  

Our client is seeking a Penetration Tester to join their team. As a Penetration Tester, you will be part of the Cyber Security department supporting various teams. The ideal candidate will have strong analytical skills, excellent communication abilities, and a collaborative mindset which will align successfully in the organization.

Job Title: Penetration Tester

Location: Montvale, NJ (Remote)

Pay Range: 60-70

What's the Job?

• Perform manual application penetration testing against APIs (REST/SOAP), web applications, mobile apps, and thick client apps.
• Conduct threat modeling, evaluate application business logic, and perform application architecture reviews.
• Engage with technical and non-technical audiences to articulate testing processes, techniques, and results; guide technical audiences on remediation options.
• Partner with Cyber teams to develop new testing techniques and automation for testing.
• Mentor junior and offshore team members on tools and techniques in performing tests.

• Minimum four (4) years of recent experience in application penetration testing of APIs, web applications, or mobile applications.
• Experience with Burp Suite Pro and other application testing tools such as Netsparker and Checkmarx.
• Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations.
• One or more major ethical hacking certifications preferred (e.g., GWAPT, CREST, OSWE, OSWA).
• Demonstrated ability to exploit POCs and showcase application testing experience in real-time via demos.

• Opportunity to work with a dynamic and innovative team.
• Engagement in cutting-edge security practices and methodologies.
• Professional growth and development opportunities.
• Collaborative work environment that values diverse perspectives.
• Chance to make a significant impact on the security of applications and networks.

• Medical and Prescription Drug Plans
• Dental Plan
• Vision Plan
• Health Savings Account
• Health Flexible Spending Account
• Dependent Care Flexible Spending Account
• Supplemental Life Insurance
• Short Term and Long Term Disability Insurance
• Business Travel Insurance
• 401(k), Plus Match
• Weekly Pay