1

Pen Testing Jobs (NOW HIRING)

Build and improve Clearwing's source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines. * Design agentic workflows for reconnaissance, static analysis ...

Partner with our Sales Engineering team to lead deep-dive sessions on autonomous pen-testing and offensive AI. * Drive PoCs: Lead the charge in converting interest into Proof of Concepts (PoCs ...

... • Pen Testing • Vulnerability • IT Audit Preferred : • CISSP • SANS Company : As one of the world's most dynamic and highly regarded IT recruitment consultancies. Founded in 1986, the ...

Partner with our Sales Engineering team to lead deep-dive sessions on autonomous pen-testing and offensive AI. * Drive PoCs: Lead the charge in converting interest into Proof of Concepts (PoCs ...

You'll work directly with our Security Engineering, IT, Legal, and Compliance teams to drive initiatives from pen testing cycles to SOC 2 compliance. This is a hands-on role where you'll build ...

Partner with our Sales Engineering team to lead deep-dive sessions on autonomous pen-testing and offensive AI. * Drive PoCs: Lead the charge in converting interest into Proof of Concepts (PoCs ...

Build and improve Clearwing's source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines. * Design agentic workflows for reconnaissance, static analysis ...

Practical experience interpreting findings from application pen testing, code scanning and open-source scanners to determine the risk and collaborate with developers to resolve them * Understanding ...

Sr. Application Security Engineer

Redlands, CA · On-site

$59 - $79/hr

... testing, and false positive analysis of code, pen test, and open-source security findings • Demonstrated experience determining risk based on analysis/findings using a consistent risk management ...

Penetration Tester

Herndon, VA · Hybrid

$130K - $145K/yr

Active professional certifications such as CEH, OSCP, PNPT, GPEN, or similar security/pen testing certifications The salary range for this position is $130,000.00 - $145,000.00 commensurate on ...

Blue Team Operator

Washington, DC · On-site

$127K - $138K/yr

Identification and Validation of Security Flaws, Network Mapping / Network Analysis, Vulnerability Analysis, Pen-testing network filters and security countermeasures, Threat Hunting, Incident ...

Penetration Tester

Washington, DC · Hybrid

$130K - $145K/yr

Active professional certifications such as CEH, OSCP, PNPT, GPEN, or similar security/pen testing certifications The salary range for this position is $130,000.00 - $145,000.00 commensurate on ...

next page

Showing results 1-20

Pen Testing information

See salary details

$9

$19

$31

How much do pen testing jobs pay per hour?

As of Jul 12, 2026, the average hourly pay for pen testing in the United States is $19.14, according to ZipRecruiter salary data. Most workers in this role earn between $15.38 and $19.23 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Penetration Tester, and why are they important?

To thrive as a Penetration Tester, you need a solid understanding of network security, vulnerability assessment, and ethical hacking, often backed by a degree in computer science or cybersecurity and industry certifications like CEH or OSCP. Familiarity with tools such as Metasploit, Burp Suite, and Nmap, as well as various operating systems, is typically required. Strong analytical thinking, problem-solving skills, and effective communication set top performers apart when explaining findings to technical and non-technical stakeholders. These skills ensure that vulnerabilities are thoroughly identified and addressed, helping organizations protect critical data and systems.

What are some common challenges faced by penetration testers when working on client projects?

Penetration testers often encounter challenges such as limited timeframes to conduct thorough assessments, incomplete or outdated documentation from clients, and the need to clearly communicate technical findings to non-technical stakeholders. They may also face restrictions on testing certain systems due to business constraints or potential operational impact. Building trust with clients and ensuring testing activities do not disrupt critical services are also important aspects of the role.

What is the difference between Pen Testing vs Vulnerability Assessment?

AspectPen TestingVulnerability Assessment
PurposeSimulates attacks to identify exploitable vulnerabilitiesIdentifies and prioritizes security weaknesses
DepthIn-depth, targeted testingBroad, overview of vulnerabilities
CertificationsOSCP, CEH, GPENCISA, CISSP, CEH
Work EnvironmentHands-on, technical testingAnalysis and reporting

Pen Testing involves actively exploiting vulnerabilities to assess security defenses, while Vulnerability Assessment focuses on identifying and prioritizing potential weaknesses without exploiting them. Both are essential for a comprehensive security strategy but serve different roles in cybersecurity testing.

Is pen testing a good career?

Penetration testing, or pen testing, is a cybersecurity role focused on identifying vulnerabilities in systems and networks. It requires technical skills, knowledge of security tools, and often certifications like OSCP or CEH. The field offers high demand, competitive salaries, and opportunities for continuous learning, making it a strong career choice for those interested in cybersecurity.

What is pen testing?

Pen testing, short for penetration testing, is a cybersecurity practice where professionals simulate attacks on a computer system, network, or application to identify vulnerabilities that malicious hackers could exploit. The goal is to proactively find and fix security weaknesses before they can be used in real-world attacks. Pen testers use a variety of tools and techniques to mimic the methods of cybercriminals, and then provide detailed reports with recommendations for improving security. Organizations often conduct pen tests regularly as part of their overall security strategy.

How do I become a pen tester?

To become a penetration tester, you should gain a strong understanding of computer networks, operating systems, and security principles, often through a degree in cybersecurity, computer science, or related fields. Earning industry-recognized certifications such as Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH) can improve job prospects, and practical experience with tools like Kali Linux, Metasploit, and Wireshark is essential.

What qualifications do you need to be a pen tester?

To become a penetration tester, candidates typically need a strong understanding of networking, operating systems, and security principles, along with proficiency in scripting and using security tools. Relevant certifications such as Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) are highly valued. Practical experience through labs, internships, or hands-on projects is also important for demonstrating skills in identifying vulnerabilities and exploiting security flaws.

How much can you make pen testing?

Penetration testers typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Senior roles or those with specialized skills in tools like Kali Linux or Metasploit can earn higher salaries, especially in high-demand industries or regions with a strong cybersecurity market.
More about Pen Testing jobs
What cities are hiring for Pen Testing jobs? Cities with the most Pen Testing job openings:
What states have the most Pen Testing jobs? States with the most job openings for Pen Testing jobs include:
Applied Cybersecurity AI Researcher

Applied Cybersecurity AI Researcher

Lazarus

Boston, MA • On-site

$180K - $200K/yr

Other

Medical, Dental, Vision, Retirement

Posted 19 days ago


Job description

Job Overview

You'll help build Clearwing: an AI-native cybersecurity system for autonomous vulnerability discovery, exploit validation, pen-testing, reverse engineering, and security reporting. You'll combine hands-on offensive security work with LLM agent development, eval design, and product engineering. The ideal candidate can chase real bugs, validate exploitability, write production-quality Python, and turn exploratory research into repeatable security capabilities.

Responsibilities

  • Develop AI-assisted vulnerability discovery workflows for source code, binaries, networks, and live systems.
  • Build and improve Clearwing's source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines.
  • Design agentic workflows for reconnaissance, static analysis, dynamic testing, exploit development, patch validation, and reporting.
  • Perform static analysis to identify vulnerable patterns, reachable attack surfaces, and exploitability conditions.
  • Conduct authorized live testing against networks, services, containers, lab targets, and operational environments.
  • Develop and validate proof-of-concept exploits in controlled, authorized settings.
  • Build evaluation harnesses for vulnerability discovery quality, false positives, exploitability, reproducibility, and model/tool performance.
  • Improve safety, authorization, auditability, guardrails, and human-in-the-loop controls for dual-use cybersecurity capabilities.
  • Work with AI researchers and engineers to improve prompts, tools, agent loops, memory systems, scoring systems, and model-routing strategies.
  • Produce clear technical reports with evidence, reproduction steps, impact analysis, and remediation guidance.

Requirements

  • 3+ years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering.
  • Practical experience with at least two of:
    • Static analysis
    • Dynamic analysis
    • Binary exploitation
    • Web application security
    • Network penetration testing
    • Cloud/container security
    • Malware analysis or reverse engineering
    • Detection engineering
  • Strong Python skills and comfort building automation around security tools
  • Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows
  • Ability to reason from vulnerability signal to exploitability, impact, evidence quality, and remediation
  • Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows
  • Strong written communication skills for technical findings, customer-facing reports, and internal research notes
  • Clear judgment around authorization, responsible disclosure, and dual-use security tooling

Nice-to-haves

  • Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL++, libFuzzer, ASan/UBSan, or OSS-Fuzz
  • Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities
  • Experience with CVE reproduction, N-day analysis, patch diffing, or exploit validation
  • Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines
  • Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, MITRE CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting
  • Experience with Rust, Go, C/C++, or systems programming
  • Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers

Benefits

  • Comprehensive benefits package, including health, dental, and vision insurance, as well as retirement savings plans
  • Opportunities for growth and professional development
  • A collaborative and supportive company culture that values diversity and inclusion
  • Access to cutting-edge technology and resources for research and development
  • Compensation (commensurate with experience): $180,000 - $200,000 (base salary) + equity

Preferred Locations: AZ, CA, CO, CT, DC, FL, KS, ME, MD, MA, MN, NV, NH, NJ, NM, NY, PA, SC, TX, VA, WA