Back to Open Positions
Penetration Tester
Offensive Security Remote (US) / Catonsville, MD Full-Time $95K–$140K DOE
About the Role
SOClogix is hiring a Penetration Tester to join our offensive security team. You'll conduct authorized security assessments - including network, web application, wireless, and social engineering engagements - for clients across healthcare, financial services, manufacturing, and government. Your findings will directly inform our clients' security programs and help them understand and remediate real-world attack vectors before adversaries exploit them.
What You'll Do
- Conduct external and internal network penetration tests against client environments
- Perform web application security assessments (OWASP Top 10, API testing, authentication bypass)
- Execute social engineering campaigns including phishing simulations and pretexting
- Perform wireless security assessments and physical security evaluations when scoped
- Identify, exploit, and document vulnerabilities with clear proof-of-concept evidence
- Write detailed, professional penetration test reports with executive summaries and technical findings
- Present findings to client stakeholders, including non-technical executives
- Collaborate with the SOC and MDR teams to improve detection capabilities based on offensive findings
- Stay current on emerging attack techniques, CVEs, exploit development, and offensive tooling
Requirements
- 2+ years of hands-on penetration testing experience (internal or consulting)
- Proficiency with industry-standard tools: Burp Suite, Nmap, Metasploit, BloodHound, Cobalt Strike, or similar
- Strong understanding of Active Directory attacks, privilege escalation, and lateral movement techniques
- Experience with web application testing methodologies (OWASP, PTES, NIST 800-115)
- Ability to write clear, actionable penetration test reports for both technical and executive audiences
- Familiarity with common compliance frameworks (PCI-DSS, HIPAA, NIST CSF) and how pen testing supports them
- Strong networking fundamentals (TCP/IP, DNS, HTTP/S, VPN, firewall traversal)
- At least one relevant certification: OSCP, GPEN, GXPN, PNPT, CEH, or equivalent
Nice to Have
- OSCP, OSWE, GXPN, or CRTO certification
- Experience with cloud penetration testing (Azure, AWS, GCP)
- Red team or adversary simulation experience
- Scripting/programming skills (Python, PowerShell, Bash, C#)
- Experience with Active Directory Certificate Services (ADCS) attacks
- Familiarity with OT/ICS security assessment
Benefits
- Competitive salary based on experience
- Health, dental, and vision insurance
- 401(k) with company match
- Unlimited PTO
- Annual certification and training budget (conferences, courses, labs)
- Remote-first culture with flexible scheduling
- Access to dedicated lab environments for research and skill development
Apply for This Role
Fill out the form below and we'll be in touch.