Senior Penetration Tester
Raleigh, North Carolina, United States of America
Contract
2 days ago
Key skills
Active DirectoryOWASPPenetration Testing
About this role
Role: Senior Penetration Tester
Location: Raleigh, NC (Hybrid)
Duration: 12+ months
Job Description:
Skill Matrix:
Skill
Required / Desired
Years
Minimum 7 10 years of hands-on experience in penetration testing or offensive security
7 years required
Demonstrated expertise in network and infrastructure security testing
7 years required
Strong understanding of: o TCP/IP, DNS, DHCP, VPN, firewalls, IDS/IPS o Windows and Linux system internals o Active Directory attack paths and defen
8 years required
Advanced proficiency with penetration testing tools such as: o Nmap, Nessus, Metasploit, Burp Suite o BloodHound, NetExec, PingCastel Analysis tools
7 years required
Experience producing standard penetration testing reports
7 years required
Familiarity with security frameworks and standards, including: o NIST SP 800-53, 800-115, 800-61 o MITRE ATT&CK o OWASP Testing Guide
7 years required
Experience working within regulated or high-security environments
7 years required
Strong understanding of legal, ethical, and compliance requirements for penetration testing
5 years required
Interview Type: Both Phone and In Person
Seeking a Senior Penetration Tester to conduct authorized network & infrastructure penetration testing to identify, validate, & demonstrate security weaknesses.
The Senior Penetration Testing Contractor will:
- Plan and execute internal and external penetration tests for network and infrastructure environments
- Perform vulnerability identification, validation, and controlled exploitation
- Assess security posture across:
- Network devices (firewalls, routers, switches)
- On-premise servers and operating systems (Windows, Linux, Unix)
- Active Directory and identity infrastructure
- Remote access solutions and VPNs
- Cloud environments (where applicable)
- Simulate advanced threat actor techniques including:
- Privilege escalation
- Lateral movement
- Credential compromise
- Persistence mechanisms
- Evaluate security configurations and control effectiveness
- Conduct testing in accordance with approved Rules of Engagement
- Prepare and deliver formal penetration testing reports suitable for executive, audit, and technical audiences
- Support remediation validation and follow-up testing as required.