Lead Penetration Tester/Red Teamer
$ cat job-description.txt
***Remote if in: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI or in office Chicago, IL / Dallas, TX**
***We are unable to sponsor as this is a permanent full-time role***
Responsibilities:
- Execute comprehensive Red Team simulations including network/application penetration testing, cloud security, social engineering, physical security, mobile testing, and OSINT within defined rules of engagement.
- Develop and deploy Command and Control (C2) infrastructure using evasion and obfuscation techniques to test and enhance Cyber Defense detection capabilities.
- Leverage AI/LLM tooling to accelerate offensive research, exploit development, and overall Red Team effectiveness.
- Conduct ad-hoc white-box testing on pre-production and in-development infrastructure and validate remediated findings with IT owners.
- Perform threat modeling, security risk assessments, and independent reviews of security, network, and applications.
- Develop clear, evidence-based reports with actionable remediation recommendations and debrief stakeholders on findings.
- Cross-train Red Team members and other Security/IT teams on adversarial threats, attack vectors, and remediation strategies, enhancing the knowledge and skill base of the organization.
Qualifications:
- BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university is desired but not required
- 7+ Years experience of Penetration testing
- 7+ Years experience in Information Assurance or Cybersecurity work environments
- Security-related certifications (OSCP, OSWE, OSCE, GPEN, GXPN, GWAPT, ARTE, etc.) highly desired.
- Broad expertise across Network/Application, Web Application, and Mobile Application Penetration Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, Social Engineering, OSINT, Basic Emissions Testing, and Physical Security Testing.
- Strong working knowledge of AI/LLMs and agentic systems (autonomous agents, orchestration frameworks, MCP) and how they can accelerate offensive security tradecraft across reconnaissance, exploit/payload development, tooling, and findings triage.
- Good applicable knowledge of policy and procedure development, systems analysis, IA policy, vulnerability and risk management, and regulatory standards (e.g., CSF, NIST, PCI, FIPS 199, COBIT 5).
- Strong knowledge of cryptography (symmetric, asymmetric, hashing), common enterprise infrastructure technology stacks, and network configurations.
- Strong proficiency in Network, Web Application, Cloud, and Mobile Device security testing
- Demonstrated exploit, payload, and attack framework development experience
- Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting
- Strong proficiency in social engineering and intelligence gathering.
- Strong experience with custom scripting (Python, Powershell, Bash, etc.) and process automation.
- Strong experience with database security testing (MSSQL, DB2, MySQL, etc.).
- Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.).
- Track record of vulnerability research and CVE assignments
- Knowledge of Windows APIs and Living off the Land (LOL) Binaries
first seen 2026-07-09 16:32:32 · last verified 2026-07-09 16:32:32
pentestcareers.com // breach the job market