Consultant, Penetration Tester - Compliance Security

About the position

Join a collaborative and dynamic team of cybersecurity professionals to conduct cutting-edge penetration testing across a wide range of technologies and environments. As a Consultant, you’ll play a key role in identifying vulnerabilities, simulating real-world cyberattacks, and helping our clients strengthen their security posture. Your day-to-day will include internal and external network penetration testing, application security assessments (browser-based, API, mobile), cloud environment testing, social engineering engagements, and wireless assessments.

Responsibilities

• Perform security assessments across various platforms and technologies
• Simulate sophisticated cyberattacks to assess and improve client defenses
• Advise clients on technical security and compliance best practices
• Manage your own testing priorities and deliver high-quality work on time
• Collaborate with internal teams—PMs, QA, sales, and other consultants—to deliver exceptional client service
• Create and maintain testing methodologies, documentation, and processes
• Write detailed, high-quality reports for both technical and executive stakeholders
• Scope and lead penetration testing engagements from start to finish
• Help resolve escalations during active assessments
• Mentor junior team members and contribute to a positive team environment
• Support the team’s success by contributing to KPIs, innovation, and knowledge sharing

Requirements

• A Bachelor’s Degree (or equivalent experience) in Information Security, Computer Science, or a related field
• 3+ years of hands-on experience in network and/or application penetration testing
• Proficiency with scripting languages such as Python, PowerShell, Shell, or Ruby
• Familiarity with security frameworks (e.g., PCI, HIPAA, FedRAMP, HITRUST, or FISMA)
• 1–3 years of experience in IT security audit and/or compliance roles
• Strong technical foundation in networks, servers, workstations, and applications
• Experience working in a consulting or client-facing role (minimum 3 years)
• Strong communication and presentation skills—able to interface with both technical and non-technical stakeholders
• Willingness to travel occasionally (up to 10%)

Nice-to-haves

• Compliance-Driven Penetration Testing (e.g., PCI, FedRAMP)
• Cloud Penetration Testing (e.g., AWS, Azure, GCP)
• Network/Active Directory Penetration Testing
• Application (Web/API/Mobile/Thick) Penetration Testing
• Secure Code Review
• Hardware or IoT Testing
• Container Security Testing
• AI or ML System Testing

Benefits

• Flexible work model
• Paid parental leave
• Flexible time off
• Certification and training reimbursement
• Digital mental health and wellbeing support membership
• Comprehensive insurance options