Job Details

Job Summary

CyberAssurance is seeking an experienced Senior Penetration Tester to join our remote team. This is a hands-on, client-facing role focused on executing penetration tests (internal, external, web app, Azure, AWS), CIS Benchmarks-Microsoft 365/Azure and social engineering (onsite, phone, email). Youll work directly with clients to understand their environments, and deliver clear, actionable recommendations.

Key Responsibilities

Technical Execution

• Penetration Testing: Lead and perform internal/external network, web application, and cloud (Azure/AWS) penetration tests.
• Social Engineering: Conduct SE campaigns including phishing, vishing, and onsite testing.
• Methodology: Customize and use tools such as Burp Suite, Open VAS/Nessus, and custom scripts (Python, PowerShell, etc.).
• Report Writing: Develop professional reports detailing findings, risks, and remediation recommendations using Word and pen test report software.

Client Engagement

• Collaborate with Clients: Define scope, objectives, and success criteria for each engagement.
• Provide Recommendations: Clear debriefs and consultative guidance on remediation priorities.
• On-time Report Delivery.

Team Contribution

• Contribute to the enhancement of internal methodologies, tools, and documentation.
• Stay informed on emerging threats, vulnerabilities, and techniques through continuous learning.

Qualifications

Required:

• 3+ years of hands-on penetration testing experience.
• Proficiency in penetration testing tools and scripting (e.g., Python, Bash, PowerShell).
• Industry certifications such as OSCP, GPEN, CPT, or CompTIA PenTest+.
• Must be a strong self-starter and able to learn and develop new skills quickly.
• Excellent written and verbal communication skills.
• Proficient in Word and Excel.

Preferred:

• Advanced certifications such as OSWE, GXPN, or CREST.
• Experience working with financial institutions or within regulated industries (e.g., FFIEC, HIPAA, FedRAMP).
• Familiarity with risk assessments, cybersecurity policy design, or GRC tools.
• Experience in red team and purple team exercises.

Work Environment & Requirements

• Fully remote position.
• Some travel is required for onsite social engineering engagements.
• U.S. citizenship or work authorization required (due to regulated client environments).

Benefits

• Competitive salary.
• Reimbursement for training, conferences, and professional certifications.
• Paid time off and paid holidays.
• Health, dental, and vision insurance available.

About CyberAssurance

CyberAssurance provides advanced penetration testing, IT audits, risk assessments, cybersecurity consulting, and vCISO services to banks, credit unions, regulated industries, and businesses valuing cybersecurity expertise from a firm that places client needs first.