Motion Recruitment | Jobspring | Workbridge

Senior Penetration Tester / WebApp, Network, & Social Engineering / Hybrid / Full-Time

Lehigh Valley, PA

Hybrid

Full Time

$150k - $190k

A local consulting firm is building out its offensive security practice and seeking a Senior Pen Tester to lead the charge. This full-time, direct-hire role is hybrid, offering a flexible schedule in a great team environment. The ideal candidate brings strong experience across both pen testing and red teaming, spanning network, webapp, and social engineering work, and will work in a hands-on capacity while defining the future of the program.

This company places a high value on culture, collaboration, and intentional growth. The Senior Pen Tester will not only drive technical assessments and client engagements but also help to define the program’s direction – choosing tooling, refining methodologies, and identifying new service areas. Past engagements have included black box and white box testing, full red team operations, and lighter assessment work. The firm is looking to evolve these offerings into a more mature, scalable model. If you're comfortable in a client-facing role, skilled in running top-level pen tests and red team operations, and driven to inspire a collaborative environment, this role is for you. Prior work on, or interest in, how AI is shaping the threat landscape makes you a particularly good fit for this role, as the program intends to remain aligned with the constantly changing environment and, to that end, to work on implementing generative and agentic AI technologies.

Required Skills & Experience
  • 6+ years in a hands-on offensive security role, with a strong foundation in penetration testing and red teaming
  • Proven experience conducting internal/external network assessments, webapp and API testing, and social engineering engagements
  • Familiarity with both black box and white box testing methodologies
  • Full scope testing capabilities, including execution, documentation, and client reporting
  • Prior consulting experience delivering pen test and/or red team services to external clients
  • Strong collaborative mindset with a passion for learning and mentoring junior team members
  • Relevant certifications such as OSCP, CEH, or equivalent offensive security credentials
Desired Skills & Experience
  • Understanding of how AI is shaping the threat landscape and a desire to contribute to research and development in this space
  • Passion for staying current with emerging threats, vulnerabilities, and offensive security trends
  • Experience with adversary emulation frameworks (e.g., MITRE ATT&CK, CALDERA, Atomic Red Team)
  • Comfort with scripting and automation (Python, PowerShell, Bash) to support offensive tooling and infrastructure
What You Will Be Doing
Tech Breakdown
  • 40% Network and Infrastructure Testing
  • 40% Web Application and API Testing
  • 20% Social Engineering and Physical Security Assessments
Daily Responsibilities
  • 85% Hands-on Technical Execution (Pen Testing & Red Teaming)
  • 15% Strategic Program Development & Team Collaboration

The Offer
  • Competitive base salary
  • Monthly profit-sharing bonus tied to individual testing goals – earn more when you meet or exceed your assessment targets.
You will receive the following benefits:
  • Medical, Dental, and Vision Insurance
  • Vacation Time

Applicants must be currently authorized to work in the US on a full-time basis now and in the future.

Posted by: Tallulah Froley
