Position: Offensive Security Consultant (Mid-Senior)
Location: United States - Remote
Employment Type: Full Time
Pay Range: $100k-$160k/yr base salary depending on experience/expertise
Key Responsibilities
• Conduct manual penetration testing across internal, external, and wireless
networks, web applications, APIs, thick clients, cloud infrastructure, and
enterprise environments
• Execute full-scope covert red team engagements, adversary simulations,
assumed breach engagements, social engineering, and physical assessments
• Manage infrastructure necessary to conduct red team operations
• Develop custom proof-of-concept exploits and tooling when automated or
existing tools are insufficient
• Produce clear, comprehensive technical reports and executive summaries that
outline vulnerabilities, business impact, and remediation guidance
• Stay current on emerging threats, TTPs, and cyber security trends
• Contribute to the penetration testing framework, including deliverables,
custom script development, testing methods and techniques, and ongoing
research
• Participate in project kickoff and report delivery meetings
• Lead by example in behavior, work ethic, and punctuality
Qualifications
• Minimum of 5-7 years of professional experience in hands-on manual
penetration testing and/or red teaming
• Strong in either network or appsec, and passable on the other
• Skills-based industry certification (OffSec, Zero-Point Security, SEKTOR7, etc.)
• Proficient with common industry tools and C2 frameworks
• Some level of scripting/coding proficiency
• Excellent ability to troubleshoot technical issues
• Exhibit extensive knowledge of industry standard penetration testing
frameworks and methods (e.g., PTES, OWASP, MITRE ATT&CK)
• Strong organizational skills, including ability to deliver with minimal supervision
• Strong professionalism and speaking/writing skills
• Ability to multi-task without compromising deadlines and assignment
expectations
Preferred / Nice to Have
• Previous experience conducting penetration testing in a consulting capacity
• Working knowledge of PCI DSS, HIPAA, and SOC 1/2, and the ability to
translate offensive security findings into compliance-relevant risk and
remediation guidance
• Experience with malware development, C2 framework enhancements, and
EDR evasion
• Formal education in Information Security, Information Technology, Computer
Science, Engineering or related discipline
• Desire to contribute to blog and/or speak at industry conferences
on occasion
These are not tool-heavy, checkbox pentests. Our testers think and act like adversaries:
evading endpoint defenses, escalating privileges, moving laterally, and chaining attacks until we
hit business-critical objectives. We write narrative-driven reports that tell the full story
from entry to impact, showing the path taken and the attacker mindset, and
conveying the risks in a way that the client understands.
Automated tools, BAS platforms, and AI agents can tell you where the low-hanging
fruit is. What they can’t do is think like an adversary, turning a series of small flaws into
full-on breaches. That takes curious, disciplined, relentless humans… Hackers. We do
pentests the way real attackers do, but with one purpose - to make our clients
stronger, safer, and prepared for the real thing.