Posted Jul 12, 2026

Lead Penetration Tester/Red Teamer

Apply for this Position →
• **Remote if in: IL, TX, FL, GA, MA, MD, MN, NC, NJ, NY, DC, WI or in office Chicago, IL / Dallas, TX** • **We are unable to sponsor as this is a permanent full-time role*** Responsibilities: • Execute comprehensive Red Team simulations including network/application penetration testing, cloud security, social engineering, physical security, mobile testing, and OSINT within defined rules of engagement. • Develop and deploy Command and Control (C2) infrastructure using evasion and obfuscation techniques to test and enhance Cyber Defense detection capabilities. • Leverage AI/LLM tooling to accelerate offensive research, exploit development, and overall Red Team effectiveness. • Conduct ad-hoc white-box testing on pre-production and in-development infrastructure and validate remediated findings with IT owners. • Perform threat modeling, security risk assessments, and independent reviews of security, network, and applications. • Develop clear, evidence-based reports with actionable remediation recommendations and debrief stakeholders on findings. • Cross-train Red Team members and other Security/IT teams on adversarial threats, attack vectors, and remediation strategies, enhancing the knowledge and skill base of the organization. Qualifications: • BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university is desired but not required • 7+ Years experience of Penetration testing • 7+ Years experience in Information Assurance or Cybersecurity work environments • Security-related certifications (OSCP, OSWE, OSCE, GPEN, GXPN, GWAPT, ARTE, etc.) highly desired. • Broad expertise across Network/Application, Web Application, and Mobile Application Penetration Testing, Command and Control (C2) Infrastructure Development, Cyber Defense Evasion techniques, Social Engineering, OSINT, Basic Emissions Testing, and Physical Security Testing. • Strong working knowledge of AI/LLMs and agentic systems (autonomous agents, orchestration frameworks, MCP) and how they can accelerate offensive security tradecraft across reconnaissance, exploit/payload development, tooling, and findings triage. • Good applicable knowledge of policy and procedure development, systems analysis, IA policy, vulnerability and risk management, and regulatory standards (e.g., CSF, NIST, PCI, FIPS 199, COBIT 5). • Strong knowledge of cryptography (symmetric, asymmetric, hashing), common enterprise infrastructure technology stacks, and network configurations. • Strong proficiency in Network, Web Application, Cloud, and Mobile Device security testing • Demonstrated exploit, payload, and attack framework development experience • Strong knowledge of EDR detection capabilities such as Crowdstrike/Carbon Black, etc. and associated defense evasion techniques for behavioral based alerting • Strong proficiency in social engineering and intelligence gathering. • Strong experience with custom scripting (Python, Powershell, Bash, etc.) and process automation. • Strong experience with database security testing (MSSQL, DB2, MySQL, etc.). • Strong proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nighthawk, Nmap, Qualys, Nessus, Burp Suite, Wireshark, Recon-NG, Ettercap/Bettercap, Hashcat, Bloodhound, Ida Pro, Ghidra, Sublist3r, Rubeus, Mimikatz, CrackMapExec, Exploitdb, Yersinia, Impacket, etc.). • Track record of vulnerability research and CVE assignments • Knowledge of Windows APIs and Living off the Land (LOL) Binaries