Penetration Tester

Lancesoft

Canton, OH(remote)

JOB DETAILS
SALARY
$70
SKILLS
Amazon Web Services (AWS), Analysis Skills, Applications Security, Atlassian JIRA, Bash Scripting, Cloud Computing, Code Reviews, Communication Skills, Computer Security, Continuous Deployment/Delivery, Continuous Integration, DevOps, Establish Priorities, Financial Regulations, Financial Services, GCP (Good Clinical Practices), GPEN - GIAC Penetration Tester, Git, Leadership, Machine Tool, Metrics, Microsoft Windows Azure, PCI-DSS, Penetration Testing, Presentation/Verbal Skills, Problem Solving Skills, Process Improvement, Proof of Concept, Python Programming/Scripting Language, Record Keeping, Regulatory Requirements, Risk, Sarbanes-Oxley Act (SOX), Schedule Development, Scripting (Scripting Languages), Service Level Agreement (SLA), ServiceNow, Software Development Lifecycle (SDLC), Status Reports, Team Player, Testing, Time Management, Writing Skills
LOCATION
Canton, OH
POSTED
12 days ago
Job Title: Penetration Tester
Work Location: Remote –USA
Pay: $70-90/ hour

 
Must haves: 3 plus years Experience in hands on penetration testing experience or offensive security testing
 
 As a member of our Attack & Pentest team, you will serve as a frontline analyst responsible for validating, prioritizing, and driving the closure of security vulnerabilities across the enterprise. You will assess findings for exploitability and business risk, retest applications and infrastructure after remediation, and work directly with engineering teams to ensure issues are resolved effectively and on schedule.
 
This is a hands-on technical role that requires both offensive security skills and the ability to communicate clearly with developers, architects, and leadership.  
 
Responsibilities:
  • Triage – Review and validate incoming vulnerability reports from Mythos;assess severity, exploitability, and business impact;de-duplicate and enrich findings with reproduction steps and evidence
  • Retesting – Perform targeted retesting of remediated vulnerabilities to confirm fixes are effective and complete;document pass/fail results with technical evidence
  • Tracking & Remediation Support – Monitor remediation timelines against SLAs;coordinate with development and infrastructure teams to ensure timely closure;escalate aging findings per policy
  • Reporting – Maintain accurate records in the vulnerability management platform;produce weekly status reports on open/closed/overdue findings;contribute to executive-level metrics
  • Collaboration – Partner with application security, DevOps, and engineering teams to provide remediation guidance and technical context for findings
  • Process Improvement – Identify patterns in recurring vulnerabilities;recommend process or tooling improvements to reduce triage backlog
 Required Qualifications:
  • 3+ years of hands-on penetration testing experience (web applications, APIs, infrastructure)
  • Demonstrated experience triaging vulnerabilities at scale (CVSS scoring, CWE/OWASP classification, risk-based prioritization) 
  • Strong understanding of common vulnerability classes (OWASP Top 10, SANS Top 25) and remediation strategies
  • Experience with vulnerability management platforms (e.G., Jira, ServiceNow, DefectDojo, or similar)
  • Ability to write clear, reproducible proof-of-concept exploits and remediation validation reports
  • Familiarity with SDLC integration and working directly with development teams on fix guidance
  • Strong written and verbal communication skills;able to translate technical findings for varied audiences
 Preferred Qualifications:
  • Relevant certifications: OSCP, GPEN, GWAPT, CEH, or equivalent
  • Experience with bug bounty or crowdsourced vulnerability programs
  • Familiarity with financial services regulatory requirements (PCI-DSS, FFIEC, SOX)
  • Scripting/automation skills (Python, Bash, Burp extensions) for retesting workflows
  • Experience with CI/CD pipeline security tooling (SAST/DAST integration)
  • Tools & Environment (Preferred Familiarity)
  • Burp Suite Professional, Nuclei, Caido
  • Git-based workflows and code review
  • Cloud platforms (AWS, Azure, GCP) security configurations
  • Container/Kubernetes security fundamentals

About the Company

L

Lancesoft

We are a $125 Million, NMSDC-certified Minority & Woman owned Workforce Solutions Company headquartered in the DC metro area with presence across US with global presence - Canada, Mexico, India, UK, Malaysia, Indonasia, Hongkong, Singapore, UAE. We are specialized in providing Workforce Solutions, SOW project delivery, Engineering Solutions, Creative Services. We currently support 100+ Fortune companies globally and across multiple industry segments. We are currently supporting several massive programs across industry segment nationally/globally (Intel, Ally, AMD, QUALCOMM, Morgan Stanley, Kraft/ Mondelez, MNP, Amdocs, Dell, SanDisk, Medtronic, Becton Dickinson, GE, Lockheed Martin, UTC, L-3 Communications, Caterpillar, BMW, Mercedes Benz, National Grid, Dominion, Energy Future Holdings, PSEG, 3M, Fidelity, Aetna, Humana, Johnson & Johnson, Pfizer, Merck etc). 

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, identity, national origin, disability, or protected veteran status.

COMPANY SIZE
2,000 to 2,499 employees
INDUSTRY
Staffing/Employment Agencies
FOUNDED
2000
WEBSITE
http://www.lancesoft.com/