Job Title: Mid-Level Penetration Tester
Location: Remote
Duration: 12 Months
Compensation: $45–$50/hour
Job Summary
The Mid-Level Penetration Tester independently delivers penetration testing engagements and serves as a technical anchor for junior team members. This role combines hands-on technical execution, client-facing communication, and risk-based judgment within enterprise and regulated environments.
The position is accountable for end-to-end penetration testing delivery and quality, from scoping through reporting and remediation validation.
Key Responsibilities
Independent Test Delivery
• Lead and execute penetration testing engagements, including:
  • External and internal network penetration testing
  • Web application and API security testing
  • Active Directory and identity-focused attack paths
  • Cloud security testing (AWS, Azure, GCP)
• Develop realistic attack paths that simulate real-world adversary behavior
• Perform authorized exploitation, post-exploitation, and lateral movement activities where permitted
Client Interaction & Engagement Support
• Participate in:
  • Pre-engagement scoping and assumptions validation
  • Rules of Engagement walkthroughs
  • Close-out meetings and remediation discussions
• Translate technical vulnerabilities into clear, business-relevant risk statements
• Support retesting and remediation validation efforts
Reporting Ownership & Quality Assurance
• Own penetration testing reports end-to-end, including:
  • Executive summaries
  • Risk prioritization
  • Actionable and clear remediation guidance
• Ensure deliverables meet internal QA standards and client expectations
• Peer-review junior tester findings and provide corrective guidance
Mentorship & Practice Development
• Provide hands-on coaching and technical guidance to junior penetration testers
• Contribute to:
  • Internal penetration testing methodologies
  • Tooling and automation improvements
  • Reusable attack patterns and playbooks
• Support estimation and effort-sizing for future engagements
Required Skills & Experience
Technical Expertise
Strong hands-on experience with:
• Web application and API exploitation
• Network and Active Directory security testing
• Authentication and authorization weaknesses
• Cloud misconfigurations and identity risks
Advanced proficiency with tools such as:
• Burp Suite Pro
• Metasploit
• BloodHound
• Scripting for automation or exploit development (Python preferred)
Professional Experience
• Minimum 5 years of professional penetration testing experience
• Proven experience delivering client-facing security engagements
• Experience working in enterprise or regulated environments preferred
Preferred Certifications
• CREST CRT or CCT
• OSCP
• Burp Suite Certified Practitioner
• Cloud security certifications (AWS or Azure preferred)
About the Company:
NavitasPartners