Senior Penetration Tester

Job Description

Role: Senior Penetration Tester

Location: Raleigh, NC (Hybrid)

Duration: 12+ months

Job Description:

Skill Matrix:

Skill

Required / Desired

Years

Minimum 7 10 years of hands-on experience in penetration testing or offensive security

7 years required

Demonstrated expertise in network and infrastructure security testing

7 years required

Strong understanding of: o TCP/IP, DNS, DHCP, VPN, firewalls, IDS/IPS o Windows and Linux system internals o Active Directory attack paths and defen

8 years required

Advanced proficiency with penetration testing tools such as: o Nmap, Nessus, Metasploit, Burp Suite o BloodHound, NetExec, PingCastel Analysis tools

7 years required

Experience producing standard penetration testing reports

7 years required

Familiarity with security frameworks and standards, including: o NIST SP 800-53, 800-115, 800-61 o MITRE ATT&CK o OWASP Testing Guide

7 years required

Experience working within regulated or high-security environments

7 years required

Strong understanding of legal, ethical, and compliance requirements for penetration testing

5 years required

Interview Type: Both Phone and In Person

Seeking a Senior Penetration Tester to conduct authorized network & infrastructure penetration testing to identify, validate, & demonstrate security weaknesses.

The Senior Penetration Testing Contractor will:

- Plan and execute internal and external penetration tests for network and infrastructure environments

- Perform vulnerability identification, validation, and controlled exploitation

- Assess security posture across:

- Network devices (firewalls, routers, switches)

- On-premise servers and operating systems (Windows, Linux, Unix)

- Active Directory and identity infrastructure

- Remote access solutions and VPNs

- Cloud environments (where applicable)

- Simulate advanced threat actor techniques including:

- Privilege escalation

- Lateral movement

- Credential compromise

- Persistence mechanisms

- Evaluate security configurations and control effectiveness

- Conduct testing in accordance with approved Rules of Engagement

- Prepare and deliver formal penetration testing reports suitable for executive, audit, and technical audiences

- Support remediation validation and follow-up testing as required.