1

Cyber Security Penetration Jobs (NOW HIRING)

They are seeking a Penetration Tester I to perform proactive cybersecurity penetration attacks on digital systems, document actions in detail, and create reports on security breaches.

Overview Avionics Penetration Tester - Mid-Level - TGEE LOCATION: Edwards AFB, CA Salary Range ... The 48th CTS/Det 1 conducts Cyber Security Test & Evaluation of Embedded Avionics & Weapons Systems ...

next page

Showing results 1-20

Cyber Security Penetration information

See salary details

$40.5K

$122.9K

$180K

How much do cyber security penetration jobs pay per year?

As of Jul 15, 2026, the average yearly pay for cyber security penetration in the United States is $122,890.00, according to ZipRecruiter salary data. Most workers in this role earn between $102,000.00 and $142,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cyber Security Penetration Tester, and why are they important?

To thrive as a Cyber Security Penetration Tester, you need a deep understanding of network security, vulnerability assessment, ethical hacking methodologies, and typically hold a degree in computer science or related certifications like CEH or OSCP. Familiarity with penetration testing tools such as Metasploit, Burp Suite, and Nessus, as well as secure coding practices and operating systems, is essential. Strong analytical thinking, problem-solving skills, and effective communication are crucial soft skills for reporting findings and working with diverse teams. These skills ensure the ability to identify and remediate security vulnerabilities, protect organizational assets, and communicate risks clearly to stakeholders.

What is a Cyber Security Penetration Tester?

A Cyber Security Penetration Tester, often called a 'pen tester,' is a professional who simulates cyberattacks on computer systems, networks, and applications to identify security vulnerabilities before malicious hackers can exploit them. They use various tools and techniques to assess the strength of an organization’s defenses and provide recommendations to improve security. Pen testers play a crucial role in helping organizations protect sensitive data and comply with industry regulations.

What is the difference between Cyber Security Penetration vs Cyber Security Analyst?

AspectCyber Security PenetrationCyber Security Analyst
CertificationsOSCP, CEH, GPENCISSP, Security+, CEH
Work EnvironmentSimulated attacks, offensive securityMonitoring, incident response, defense
Employer UsagePenetration testing firms, security consultanciesIn-house security teams, organizations

Cyber Security Penetration specialists focus on identifying vulnerabilities through simulated attacks, while Cyber Security Analysts monitor and defend against threats. Both roles require similar certifications but differ in their primary focus: offensive testing versus defensive analysis.

What are some common challenges faced by cyber security penetration testers during assessments?

Penetration testers often encounter challenges such as limited access to information about target systems, strict time constraints for completing assessments, and maintaining up-to-date knowledge of rapidly evolving security threats and tools. They must also navigate complex organizational networks without disrupting business operations. Effective communication with clients and collaborating with IT teams to ensure findings are accurately understood and remediated are key aspects of the role.
More about Cyber Security Penetration jobs
Infographic showing various Cyber Security Penetration job openings in the United States as of July 2026, with employment types broken down into 1% Internship, 95% Full Time, 2% Part Time, and 2% Contract. Highlights an 92% Physical, 2% Hybrid, and 6% Remote job distribution, with an average salary of $122,890 per year, or $59.1 per hour.
Principal, Cybersecurity Penetration Tester

Principal, Cybersecurity Penetration Tester

Fidelity Investments

Durham, NC

Full-time

Posted 28 days ago


Fidelity Investments rating

8.7

Company rating: 8.7 out of 10

Based on 266 frontline employees who took The Breakroom Quiz

17th of 148 rated financial services


Job description

Job Description:

Position Description:

Performs security assessments of applications prior to production deployment using Static Code Analysis, dynamic testing tools, and manual techniques. Assists in establishing the strategy, policy, and standards of security for cybersecurity operations. Develop custom Python scripts to automate repetitive tasks. Defends enterprise against attacks, damage, and unauthorized access to information, data, and systems. Ensures threat and vulnerability reduction, deterrence, incident response, resiliency, and recovery policies and activities are up to date. Proactively identifies vulnerabilities in proprietary applications prior to production release and remediates identified vulnerabilities to prevent real-life cyberattacks.

Primary Responsibilities:

  • Performs advanced Web application source code auditing.
  • Analyzes codes, writes scripts, and exploits web vulnerabilities.
  • Analyzes test results, draw conclusions from results.
  • Identifies vulnerabilities by performing thorough evaluations of security vulnerabilities on Web and mobile applications.
  • Collaborates with application developers to mitigate risk and improve security posture.
  • Performs security testing on web and mobile applications to support production releases.
  • Models potential external threats by replicating the techniques and tools used by malicious attackers.
  • Prepares reports on completed assessments and present results to application owners, developers, and business unit information security teams.
  • Consults with operations and software development teams to ensure potential weaknesses are addressed.
  • Contributes to the research and development of tools to assist in the vulnerability discovery process.
  • Keeps abreast of current cybersecurity best practices and vulnerabilities.
  • Conducts peer reviews to facilitate continuous improvement across the team.

Education and Experience:

Bachelor's degree in Computer Science, Engineering, Information Technology, Information Systems, or a closely related field (or foreign education equivalent) and five (5) years of experience as a Principal, Cybersecurity Penetration Tester (or closely related occupation) performing black and white box testing to protect against cyber threats and ensure application security (web, mobile, API, and thick client).

Or, alternatively, Master's degree in Computer Science, Engineering, Information Technology, Information Systems, or a closely related field (or foreign education equivalent) and three (3) years of experience as a Principal, Cybersecurity Penetration Tester (or closely related occupation) performing black and white box testing to protect against cyber threats and ensure application security (web, mobile, API, and thick client).

Skills and Knowledge:

Candidate must also possess:

  • Demonstrated Expertise ("DE") estimating risks on security flaws uncovered during static or dynamic analysis in line with the OWASP testing guide; conducting pen-testing on applications to uncover security vulnerabilities - Injection attacks, Server-side attacks, Privilege escalation, GraphQL batching attacks, or JWT signature manipulation attacks - using BurpSuite Professional Edition, Fiddler, Kali Linux, and SQLMap.
  • DE analyzing source code for security weaknesses, writing custom scripts, exploiting security vulnerabilities, and conducting retests to determine mitigation measures implemented by development teams, through a combination of manual analysis by using BurpSuite Professional, and automated scans using GitHub Advanced Security(GHAS) and MEND.
  • DE analyzing Common Vulnerability Exposure (CVE) on third party libraries, using Veracode SCA, MEND, Exploit-DB, and NVD databases; and coordinating actions associated with the dismissal or reopening of policy violation alerts related to security, licensing, and coding standards using GitHub Advanced Security (GHAS).
  • DE crafting custom scripts to effectively automate labor-intensive manual tasks (logging security findings, preparing weekly status reports, verifying artifact correctness) and empower the efficient allocation of resources, enhancing the overall security assessment process, using Python or Selenium.

#PE1M2

#LI-DNI

Certifications:Category:Information Technology

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.


What Fidelity Investments employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom