576 Penetration Testers jobs in the United States

Location: Dallas, TX or Tampa, FL

Type: Contract

Desirable Skills:

• Assisting in technical scoping of security testing activities
• Curation and assessment of vulnerability data (across multiple platforms/tools) from a manual penetration perspective, to focus on true exploitation.

Base pay range

$140,000.00/yr - $170,000.00/yr

Under the direction of the Manager of Information Security, the Penetration Test Engineer will protect the company and its subsidiaries from cyberattacks, safeguarding sensitive data, the company brand, and business operations. This critical role includes performing penetration tests, identifying vulnerabilities, conducting risk assessments, developing and testing incident response procedures, and collaborating with internal and external teams to enhance companywide security posture.

• Conduct penetration tests across web/business applications, servers, APIs, mobile apps, networks, cloud environments, and connected vehicles.
• Document vulnerabilities with technical reports detailing risk levels and remediation recommendations.
• Lead or participate in all phases of penetration testing: Reconnaissance, Scanning, Vulnerability Assessment, Exploitation, Remediation, and Reporting.
• Develop and maintain security incident response policies; lead table-top exercises and forensic investigations.
• Stay current on emerging security threats and the tools/methods to mitigate them.
• Collaborate with business units and external service providers to implement security enhancements.

• Bachelors degree or equivalent experience in information security; advanced degrees or certifications a plus.
• 8+ years in organizations with mature security practices.
• 3+ years conducting hands-on penetration tests and vulnerability management; Red Team experience preferred.
• 3+ years in information security incident response, cybersecurity, or IT risk management.
• Experience with security auditing, compliance regulations, and evidence collection.
• Experience in penetration testing on vehicles is a plus.
• Success in CTF competitions and/or bug bounty programs is highly desirable.
• Skilled in IT infrastructure, security components, scripting (Python), and penetration testing tools (Burp Suite, Kali Linux, Metasploit, John the Ripper, Nmap, Wireshark, OWASP ZAP, Aircrack-ng, Tenable Nessus, etc.).
• Excellent communication, leadership, and organizational skills.

• High emotional intelligence for effective collaboration and stakeholder communication.
• Proactive, self-motivated, and able to lead multiple concurrent initiatives.
• Expertise in SIEM, attack chains, emerging threats, and security monitoring best practices.

• Work in a fast-paced, innovative environment shaping the future of mobility.
• Competitive compensation and benefits package.
• Opportunities for professional growth and cross-functional collaboration.

• Full-time

• Quality Assurance and Engineering

• Motor Vehicle Manufacturing, Information Services, and Technology, Information and Media

Computer Futures is a leading IT recruitment consultancy, specializing in placing IT experts in permanent and contract roles across the US, Europe, and Asia.

With a proven track record in IT recruitment, we enjoy success within all sectors and business types, placing a candidate every 38 minutes. From single job vacancies to large-scale projects, our proficiency in providing exceptional professionals across the board has carved our reputation as a secure and significant supplier partner.

A robust and financially strong business, we have grown organically from our first office in London in 1986, to 7 offices across the US including: New York, Boston, Chicago, San Diego, San Francisco, Houston, and Austin. We also have 18 offices in Europe including: Amsterdam, Brussels, Dublin, Edinburgh, Frankfurt, Hamburg, Munich and Paris.

Passionate about recruitment, our 350+ specialist IT recruitment consultants' priority is to secure the right person for the right role, within a specified timeframe and budget. Through Computer Futures' methodology, our consultants who are there to help provide you with the best service and support whatever your IT requirement is we pride ourselves on our quality of candidates, our speed of delivery and the ability to provide a bespoke service to meet our individual clients' recruitment needs.

-Min 3 years of experience penetration/vulnerability testing for web and applications in an enterprise environment

-Automated and manual testing experience

-Strong understanding of web technologies, e.g. HTTP, HTML, CSS, Forms, Database Connectivity, etc.

-Understanding of compliance and regulatory requirements such as PCI DSS, SOX, HIPAA, etc.

James Benjamin H. Ilagan

Computer Futures

Newark, United States | Posted on 01/10/2025

We are seeking a highly skilled and experienced Senior Penetration Tester to join our cybersecurity team. This individual will lead complex penetration testing activities, conduct advanced red team engagements, and thoroughly assess our clients networks, applications, and systems for vulnerabilities. The ideal candidate is a seasoned security professional with a passion for uncovering weaknesses before adversaries can exploit themand a knack for communicating technical findings to both technical and non-technical audiences.

Advanced Penetration Testing

• Execute sophisticated penetration tests against web applications, networks, cloud environments, and mobile platforms.
  
• Perform in-depth reconnaissance, exploit development, and post-exploitation activities to fully gauge security weaknesses.
  
• Collaborate with stakeholders to identify high-risk areas and design targeted testing strategies.
  
• Evaluate potential attack vectors, assess impact, and prioritize remediation steps based on industry best practices.
  

Red Team Engagements

• Plan and lead complex red team operations, simulating real-world attack scenarios that encompass social engineering, physical intrusion, and cyber infiltration tactics.
  
• Coordinate with purple team exercises to help stakeholders detect, respond to, and recover from simulated attacks.
  

Reporting & Documentation

• Prepare clear, detailed reports outlining findings, remediation guidance, and risk assessments.
  
• Communicate results effectively to executives, security teams, and developers, ensuring stakeholders fully understand threats and mitigation strategies.
  

Technical Leadership & Mentorship

• Serve as a subject matter expert for junior testers, guiding them in methodologies, tooling, and emerging threat techniques.
  
• Stay current with new offensive security tools, vulnerability trends, and threat landscapes, sharing knowledge to enhance team capabilities.
  

Security Program Enhancement

• Advise clients and internal teams on best practices for security architecture, secure coding standards, and incident response.
  
• Contribute to the continuous improvement of penetration testing methodologies, processes, and internal tools.
  

Education & Certifications

• Bachelors degree in Computer Science, Cybersecurity, or equivalent work experience.
  
• Relevant certifications such as OSCP, OSCE, GPEN, GXPN, or CEH strongly preferred.
  

Experience

• Minimum of 5 years hands-on penetration testing experience, with a proven track record of finding complex vulnerabilities.
  
• In-depth knowledge of common frameworks (OWASP Top 10, MITRE ATT&CK, NIST) and industry-standard tools (Burp Suite, Metasploit, etc.).
  
• Experience with programming/scripting in languages such as Python, Go, or PowerShell for exploit development and automation.
  

Security Clearance

• Current or active government security clearance is strongly preferred .
  
• Applicants able to obtain or maintain a clearance may also be considered.
  

Technical & Soft Skills

• Proficiency in network protocols, operating systems (Windows, Linux, macOS), and cloud environments (AWS, Azure, GCP).
  
• Familiarity with containerized environments (Docker, Kubernetes) and DevSecOps principles.
  
• Strong analytical and problem-solving abilities, with excellent attention to detail.
  
• Effective communication and presentation skills for delivering technical results to non-technical audiences.
  

• Adaptability Able to quickly pivot to new technologies, frameworks, and attack vectors.
  
• Collaboration Comfortable working cross-functionally and guiding teams through advanced security scenarios.
  
• Curiosity Passion for researching cutting-edge offensive security tactics and pushing boundaries to identify critical vulnerabilities.
  

• Expertise in web application security testing
• Experience in security testing with SAST, SCA, DAST, IAST, Fuzz and penetration testing tools
• Expertise in mobile application security testing
• Expertise in Web application firewall
• Hands-on experience with DevSecOps tools and practices, including static code analysis, security scans, and automated testing.
• Understanding of application security standards such as OWASP ASVS/Top 10 and CWE 25
• Ability to Client and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
• Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
• Experience with security tools like Fortify, CheckMarx, VeraCode, BurpSuite, Snyk, Nessus
• Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk
• Strong knowledge of cryptography, API security, and secret management
• Security certifications such as OSCP
• Excellent interpersonal and communication skills, with the ability to work effectively with all levels of management.
• Knowledge of payments domain

Imagine One is currently seeking multiple candidates for positions supporting the U.S. Navy at Naval Surface Warfare Center Dahlgren Division (NSWCDD). We are looking for Senior Penetration Tester to provide engineering support for Cyber Situational Awareness (SA), Cyber Command and Control (C2), Mission Assurance, and Homeland Defense in Virginia Beach, Virginia. Work will be performed on-site in Virginia Beach, Virginia.
Experience Requirements:
The Senior Penetration Tester shall have experience with technical processes and technical management processes in support of comprehensive test and evaluation associated with test support, operational verification of installations and support efforts for Developmental Test and Evaluation (DT&E), Operational Test and Evaluation (OT&E), and Penetration testing (PEN testing) to include the following duties:

• Provide support by utilizing experience working with Entra ID (Azure AD), Active Directory, SSO, MFA, Azure application integration, Identity Federation
• Provide support by utilizing experience in automation using PowerShell, PowerAutomate, Logic Apps, Graph API
• Provide support by utilizing experience working with Microsoft Entra ID and Microsoft 365 in a hybrid environment
• Provide support by utilizing experience extending or integrating on premises AD with Entra ID
• Provide support by utilizing experience managing identity and access in Microsoft Entra ID
• Provide support by utilizing experience conducting Red Team operations in an MDE environment
• Provide support by utilizing experience with AWS, Cloud Audit, Serverless and Microservice Architecture
• Provide support utilizing experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those service
• Provide support by performing web application and API penetration testing, and Cloud Security Audits
• Provide support by utilizing experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g., OAuth2, SAML, LDAP)
• Providing support by writing proof of concept code to demonstrate the severity of a potential security issues
• Provide support by utilizing working knowledge with scripting languages (e.g., Python, Perl, PHP, Ruby)
• Provide support by utilizing working knowledge with Programming language (e.g., C, Java, Python, JavaScript)

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS; Minimum of 3 years with PhD
• Shall have a minimum of five (5) years of experience in penetration testing and/or offensive Cyber operations
• Shall have demonstrated experience utilizing penetration tools
• Shall have demonstrated experience in mimicking threat behavior
• Demonstrated experience performing vulnerability assessments with the Assured Compliance Assessment Solution tool
• Demonstrated experience with performing STIG assessments to include using SCAP benchmarks
• Demonstrated experience utilizing packet analyzer tools such as Wireshark and tcpdump
• Certifications: CEH or GSEC or Security+
• Minimum certification as 541 (or similar as required by the Technical Instruction) at the Intermediate level per DoDD , or successor
• Offensive Security Certified Professional (OSCP) or Offensive Security Certified Expert (OSCE) or Offensive Security Exploitation Expert (OSEE) or Offensive Security Wireless Professional (OSWP) certification required
• Ability to travel up to 10 percent

• ACTIVE Top Secret/SCI DoD Clearance Required (no interim)