Penetration Tester - W2 Only

Penetration Tester - W2 Only

Location: Philadelphia, PA (ONSITE Only)

We are seeking a hands-on Penetration Tester to strengthen the security of our applications, networks, and cloud environments. This role involves executing offensive security tests, identifying vulnerabilities with clear evidence, and partnering closely with engineering teams to drive remediation.

What You’ll Do

• Perform full lifecycle penetration testing (scoping → execution → reporting → retesting)
• Test web, mobile, API, network, and cloud (AWS/Azure/GCP) environments
• Conduct OSINT, reconnaissance, scanning, exploitation & post-exploitation
• Identify vulnerabilities aligned with OWASP, PTES, NIST
• Produce high-quality, evidence-based reports with remediation steps
• Work directly with engineering/infra teams on risk triage & retesting
• Optional involvement in red teaming and adversary simulation
• Support compliance requirements (PCI DSS, ISO 27001, SOC 2)

Must-Have Skills

• 2–4 years (Mid) or 5–8 years (Senior) in hands-on penetration testing
• Strong experience with Burp Suite, ZAP, Metasploit, Nmap, Nessus/Qualys, Kali, etc.
• Ability to script/automate using Python, PowerShell, Bash
• Strong knowledge of CWE/CVE, authentication flows (OAuth/OIDC/SAML), and cloud misconfigurations
• Proven ability to produce clear, actionable security reports

Nice to Have

• API security testing, mobile security testing, wireless assessments
• DevSecOps exposure (CI/CD, SAST/DAST)
• Threat modeling & secure code review
• Cloud security experience (AWS/Azure/GCP)
• Regulated environment experience (PCI, HIPAA, FedRAMP)

Preferred Certifications (Not Mandatory)

• OSCP, OSEP, OSWE
• GIAC (GPEN, GWAPT, GXPN)
• CEH Practical, CRTP/CRTE, CPT
• CISSP (for senior roles)