SENIOR PENETRATION TESTER (Remote) jobs in United States
cer-icon
Apply on Employer Site
company-logo

Emagine IT, Inc. · 2 months ago

SENIOR PENETRATION TESTER (Remote)

positionUnited States
timeFull-time
remoteRemote
senioritySenior Level
money$130K/yr - $150K/yr
date5+ years exp

Emagine IT is an information technology consulting services company that specializes in delivering technology solutions. They are seeking a Senior Penetration Tester to facilitate Penetration Tests and Threat Hunting exercises within cloud-based environments, requiring a strong understanding of security-related system controls and testing methods.

ConsultingHuman ResourcesInformation TechnologyManagement Consulting
check
Growth Opportunities
check
H1B Sponsor Likelynote

Responsibilities

Execute testing procedures in accordance with NIST SP 800-53A and industry testing standards like OWASP, MITRE, etc
Test for vulnerabilities, validate exploitable vulnerabilities within network, cloud, web and mobile environments
Perform Social Engineering campaigns, including email phishing, spear phishing, phone pre-text calling – Including but not limited to creation of landing pages, creation of embedded executable payloads
Develop Rules of Engagement, Penetration Test Plans, Penetration Testing report, Power Point presentations for kick-off and closing of client engagements
Author recommendations based on findings to improve security postures compliant with NIST controls
Penetration Testing/Threat Hunting (75%); Advisory/Consulting (%25)
Develop Testing Guides Based on Methodologies (MITRE, OWASP, etc.)
Creation of Comprehensive Testing Frameworks: Develop detailed penetration testing guides and frameworks that align with industry standards such as MITRE ATT&CK, OWASP Top Ten, NIST, and others. These guides serve as a foundation for the team, providing step-by-step methodologies for various types of tests, such as web application, network, mobile, wireless, and social engineering assessments
Incorporation of Advanced Techniques: Regularly update these guides to incorporate the latest attack techniques and defensive strategies. This includes adapting to emerging threats and ensuring the guides remain relevant in the rapidly evolving cybersecurity landscape
Customization for Client Environments: Tailor these methodologies to meet specific client environments and industry requirements, ensuring that the testing approach is both comprehensive and contextually appropriate
Develop Team Trainings Based on Test Guides and Engagement Debriefs
Training Program Development: Design and implement training programs for the penetration testing team, leveraging the developed test guides. This includes foundational training for new hires and advanced sessions for experienced testers, covering both the theoretical and practical aspects of penetration testing
Debrief and Knowledge Sharing: Conduct debrief sessions following each engagement to discuss unique or novel findings. These sessions aim to share lessons learned, explore new vulnerabilities or attack techniques encountered, and foster a culture of continuous learning within the team
Simulation and Hands-On Training: Organize practical, hands-on workshops and simulations to provide team members with real-world experience in using new tools and methodologies. Encourage a red teaming mindset to challenge the status quo and think like adversaries
Take on QA Responsibilities for Reports or Rules of Engagement (ROEs)
Quality Assurance for Reports: Perform thorough quality assurance (QA) reviews of penetration testing reports to ensure accuracy, clarity, and completeness. This includes verifying that findings are well-documented, evidence is clearly presented, and recommendations are actionable and relevant
Consistency and Compliance: Ensure that all reports adhere to internal and external compliance requirements and follow a standardized format. This includes checking that language is professional, findings are ranked by risk severity, and there are no spelling or grammatical errors
Rules of Engagement (ROE) Review: Review and refine Rules of Engagement (ROE) documents to ensure they are clear, comprehensive, and aligned with client expectations and legal considerations. This involves outlining the scope, limitations, and specific rules under which testing will occur, and mitigating any potential risks
More Active Role in Blog Posting and Research
Thought Leadership and Content Creation: Take a proactive role in writing blog posts and research papers that contribute to the broader cybersecurity community. This includes sharing insights from recent engagements, discussing novel attack vectors, and exploring new defensive measures
Research and Development (R&D): Lead or participate in research initiatives to explore emerging threats, new vulnerabilities, and advanced attack techniques. Collaborate with other industry experts and organizations to exchange knowledge and stay at the forefront of cybersecurity trends
Community Engagement: Engage with the security community through conferences, webinars, and social media to discuss findings, share knowledge, and establish the organization as a thought leader in penetration testing and cybersecurity
Tool Development and Acquisition (Responsible for Vendor Communications)
Tool Development and Customization: Lead the development of custom tools and scripts to automate repetitive tasks, enhance testing capabilities, or address specific needs not covered by existing tools. This may involve coding in languages such as Python, PowerShell, or Bash
Vendor Communication and Acquisition: Act as the primary point of contact for vendor communications regarding tool acquisition. This includes evaluating new tools, negotiating contracts, managing licensing, and ensuring that new acquisitions align with the team's needs and budget
Vendor Management: Maintain relationships with tool vendors, manage software licenses, and ensure compliance with vendor agreements. Coordinate tool evaluations and trials, and gather feedback from the team to make informed purchasing decisions
Manage Current Toolset and Adjust Them as Needed for the Team
Toolset Management: Oversee the maintenance and management of the team's current toolset, ensuring that all tools are updated, properly configured, and functioning correctly. This includes open-source tools, commercial products, and internally developed scripts
Optimization and Customization: Regularly assess the effectiveness of the existing toolset and make adjustments as needed. This might involve configuring tools for specific engagement requirements, integrating them with other systems, or enhancing their functionality through plugins or custom scripts
Continuous Improvement and Adaptation: Stay updated on the latest tools and technologies in penetration testing and cybersecurity. Evaluate new tools and technologies for potential inclusion in the toolset to ensure the team remains equipped with the best resources available
Security and Compliance of Tools: Ensure that all tools in use adhere to the organization's security policies and do not pose any risks to client environments. Regularly review tool security settings and configurations to prevent misuse or exploitation

Qualification

Penetration TestingThreat HuntingNIST SP 800-53AKali LinuxCobalt StrikeBurp SuiteMetasploit FrameworkSocial Engineering ToolkitMITRE ATT&CK FrameworkSQL commandsPythonRubyOSCPOSCEOSWPCEHCRTO

Required

Bachelor's degree in a relevant field
Certifications: OSCP, OSCE, OSWP, CEH, CRTO
5 years' experience
Strong understanding of security-related system controls
Understanding of the various testing methods utilized to ascertain the effectiveness of those controls
Experience using Kali Linux
Experience using Cobalt Strike
Experience using Social Engineering Toolkit
Experience using Burp Suite
Experience using Nessus
Experience using Metasploit Framework
Experience using the MITRE ATT&CK Framework
Good understanding of coding (Python, Ruby, etc.)
Understanding of SQL commands and testing
Expected Travel less than 25%

Company

Emagine IT, Inc.

twittertwittertwitter
company-logo
For over two decades, we've delivered technical precision and mission-driven innovation— shaping the future of enterprise architecture, infrastructure, cybersecurity, and AI-powered automation.
dateFounded in 2002
location
Fairfax, Virginia, USA
people-size51-200 employees
web-link
http://eit2.com

H1B Sponsorship

Emagine IT, Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2020 (3)

Funding

Current Stage
Growth Stage
Total Funding
unknown
Key Investors
Enlightenment Capital
2018-10-04Private Equity

Leadership Team

leader-logo
Aamir Saleem
Founder/Chief Innovation Architect
linkedin

Recent News

Washington Technology
Emagine IT hires former Mitre exec as CEO
2025-07-02
citybiz
Emagine IT Appoints Cedric Sims as CEO
2025-07-02
Business Wire
Emagine IT Appoints Cedric Sims as Chief Executive Officer
2025-07-01
Company data provided by crunchbase