Skip to main content
Back to Open Positions

Penetration Tester

Offensive Security Remote (US) / Catonsville, MD Full-Time $95K–$140K DOE

About the Role

SOClogix is hiring a Penetration Tester to join our offensive security team. You'll conduct authorized security assessments - including network, web application, wireless, and social engineering engagements - for clients across healthcare, financial services, manufacturing, and government. Your findings will directly inform our clients' security programs and help them understand and remediate real-world attack vectors before adversaries exploit them.

What You'll Do

  • Conduct external and internal network penetration tests against client environments
  • Perform web application security assessments (OWASP Top 10, API testing, authentication bypass)
  • Execute social engineering campaigns including phishing simulations and pretexting
  • Perform wireless security assessments and physical security evaluations when scoped
  • Identify, exploit, and document vulnerabilities with clear proof-of-concept evidence
  • Write detailed, professional penetration test reports with executive summaries and technical findings
  • Present findings to client stakeholders, including non-technical executives
  • Collaborate with the SOC and MDR teams to improve detection capabilities based on offensive findings
  • Stay current on emerging attack techniques, CVEs, exploit development, and offensive tooling

Requirements

  • 2+ years of hands-on penetration testing experience (internal or consulting)
  • Proficiency with industry-standard tools: Burp Suite, Nmap, Metasploit, BloodHound, Cobalt Strike, or similar
  • Strong understanding of Active Directory attacks, privilege escalation, and lateral movement techniques
  • Experience with web application testing methodologies (OWASP, PTES, NIST 800-115)
  • Ability to write clear, actionable penetration test reports for both technical and executive audiences
  • Familiarity with common compliance frameworks (PCI-DSS, HIPAA, NIST CSF) and how pen testing supports them
  • Strong networking fundamentals (TCP/IP, DNS, HTTP/S, VPN, firewall traversal)
  • At least one relevant certification: OSCP, GPEN, GXPN, PNPT, CEH, or equivalent

Nice to Have

  • OSCP, OSWE, GXPN, or CRTO certification
  • Experience with cloud penetration testing (Azure, AWS, GCP)
  • Red team or adversary simulation experience
  • Scripting/programming skills (Python, PowerShell, Bash, C#)
  • Experience with Active Directory Certificate Services (ADCS) attacks
  • Familiarity with OT/ICS security assessment

Benefits

  • Competitive salary based on experience
  • Health, dental, and vision insurance
  • 401(k) with company match
  • Unlimited PTO
  • Annual certification and training budget (conferences, courses, labs)
  • Remote-first culture with flexible scheduling
  • Access to dedicated lab environments for research and skill development

Apply for This Role

Fill out the form below and we'll be in touch.

0/256