Posted Jul 10, 2026

Lead Penetration Tester

Apply for this role →
About The Role What if your ability to think like an attacker could directly make organizations more secure? We're looking for a Lead Penetration Tester to conduct sophisticated offensive security engagements — probing applications, networks, and cloud environments for vulnerabilities before the real adversaries do. This is a fully remote contract role built for experienced offensive security professionals who thrive on technical challenge, think creatively under pressure, and communicate findings with clarity and precision. What You'll Do • Plan and execute penetration tests across web applications, internal and external networks, and cloud infrastructure • Identify, validate, and exploit vulnerabilities to demonstrate real-world impact • Conduct post-exploitation analysis to assess the full scope and blast radius of discovered weaknesses • Deliver clear, structured technical reports with actionable severity assessments and remediation guidance • Challenge and validate defensive assumptions — test detection logic, not just defenses • Support recurring red-team and purple-team engagements alongside security operations teams Must-Have Who You Are • Proven background in offensive security, penetration testing, or red teaming • Hands-on experience with common exploitation frameworks, tools, and methodologies (Metasploit, Burp Suite, Cobalt Strike, or similar) • Strong ability to think like an adversary and replicate real-world attack chains • Skilled at writing structured, professional technical reports that non-technical stakeholders can act on • Self-directed and reliable — you can manage engagements independently without hand-holding Nice To Have • Offensive security certifications (OSCP, OSWE, OSEP, CRTO, or similar) • Experience with cloud-specific attack paths (AWS, Azure, GCP) • Background in red team operations, adversary simulation, or threat emulation • Familiarity with purple team collaboration and detection engineering workflows Why Join Us • Fully remote — work from wherever you do your best work • Freelance autonomy with consistent, substantive engagements • Work on technically challenging targets across diverse environments • Contribute findings that directly improve real-world security posture • Potential for ongoing contract work and expanded engagements over time