1

Penetration Testing Consultant Jobs (NOW HIRING)

Infojini Consulting is recognized as one of the fastest growing IT services and software ... Perform penetration testing on public facing webpages and vulnerability scanning on external and ...

They are seeking a Lead Penetration Tester to manage a team, conduct penetration tests on biometric ... AutoRoboto provides mechanical engineering, manufacturing consulting, hardware, software QA testing ...

Penetration Tester II

Chandler, AZ · On-site

$60K - $180K/yr

Experience with continuous penetration testing methodologies. * Experience with planning and ... consultants. M9 was recognized as an Inc. 5000 Fastest-Growing Private Companies in 2021, 2020 ...

Penetration Tester III

Chandler, AZ · On-site

$60K - $180K/yr

Experience with continuous penetration testing methodologies. * Experience with planning and ... consultants. M9 was recognized as an Inc. 5000 Fastest-Growing Private Companies in 2021, 2020 ...

Collaborate with delivery leadership on scoping, client kickoff calls, and remediation guidance Requirements * 3-5 years of professional penetration testing experience in a delivery or consulting ...

Our services include consulting, advisory, audits and examinations for other leading security and ... We are seeking an experienced Offensive Security and Penetration Testing professional to join our ...

next page

Showing results 1-20

Penetration Testing Consultant information

See salary details

$22K

$118.6K

$165K

How much do penetration testing consultant jobs pay per year?

As of Jul 18, 2026, the average yearly pay for penetration testing consultant in the United States is $118,642.00, according to ZipRecruiter salary data. Most workers in this role earn between $91,500.00 and $153,000.00 per year, depending on experience, location, and employer.

What is a Penetration Testing Consultant job?

A Penetration Testing Consultant is a cybersecurity professional who evaluates an organization's security by simulating real-world cyberattacks. They identify vulnerabilities in networks, applications, and systems, providing recommendations to strengthen defenses. Their role involves ethical hacking, security assessments, and compliance audits. They often work with clients to improve security posture and mitigate risks before malicious attackers can exploit them.

What are the key skills and qualifications needed to thrive in the Penetration Testing Consultant position, and why are they important?

To thrive as a Penetration Testing Consultant, you need expertise in cybersecurity principles, vulnerability assessment, and ethical hacking, often supported by a degree in information security or computer science. Familiarity with tools such as Kali Linux, Metasploit, Burp Suite, and certifications like OSCP or CEH is highly beneficial. Strong analytical thinking, effective communication, and the ability to explain complex technical findings to non-technical stakeholders are standout soft skills. These competencies ensure accurate risk assessments, clear client communication, and actionable security recommendations.

What does a typical day look like for a Penetration Testing Consultant?

A typical day for a Penetration Testing Consultant involves planning and executing security assessments of client networks, applications, or systems to identify vulnerabilities. Consultants spend time analyzing findings, documenting risks, and preparing detailed reports with remediation guidance. Collaboration is also a key part of the role, as consultants often communicate with IT teams, clients, and other security professionals to ensure thorough understanding of findings and best practices. The work environment tends to be dynamic and project-based, with opportunities to learn about new technologies and face new security challenges regularly.

More about Penetration Testing Consultant jobs
What cities are hiring for Penetration Testing Consultant jobs? Cities with the most Penetration Testing Consultant job openings:
What are the most commonly searched types of Penetration Testing Consultant jobs? The most popular types of Penetration Testing Consultant jobs are:
What states have the most Penetration Testing Consultant jobs? States with the most job openings for Penetration Testing Consultant jobs include:
What job categories do people searching Penetration Testing Consultant jobs look for? The top searched job categories for Penetration Testing Consultant jobs are:
Infographic showing various Penetration Testing Consultant job openings in the United States as of July 2026, with employment types broken down into 2% Locum Tenens, 87% Full Time, 7% Part Time, and 4% Contract. Highlights an 89% Physical, 3% Hybrid, and 8% Remote job distribution, with an average salary of $118,642 per year, or $57 per hour.
Security Consultant II (Web Application Penetration Tester)

Security Consultant II (Web Application Penetration Tester)

NetSPI LLC

Minneapolis, MN

Full-time

Re-posted 12 days ago


Job description

NetSPI® pioneered Penetration Testing as a Service (PTaaS) and leads the industry in modern pentesting. Combining world-class security professionals with AI and automation, NetSPI delivers clarity, speed, and scale across 50+ pentest types, attack surface management, and vulnerability prioritization. The NetSPI platform streamlines workflows and accelerates remediation, enabling our experts to focus on deep dive testing that uncovers vulnerabilities others miss. Trusted by the top 10 U.S. banks and Fortune 500 companies worldwide, NetSPI has been driving security innovation since 2001.

NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.

Join the mission as a Security Consultant II. We are seeking a skilled and detail-oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. As a Penetration Tester supporting web applications, you will work closely with clients to deliver clear, actionable reports and contribute to the development of security best practices.

Responsibilities:

  • Conduct penetration testing engagements on web applications and underlying APIs.
  • Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture.
  • Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes
  • Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations.

Minimum Qualifications:

  • Bachelor’s degree or higher required, with a concentration in Computer Science, Engineering, Math, or IT preferred, or equivalent experience
  • Minimum of 2-3 years of work experience in application penetration testing
  • Familiarity with offensive tools, based on applicable skillset (e.g., Kali Linux, Burp Suite, Metasploit, Nessus)
  • Familiarity with offensive and defensive IT concepts and protocols
  • Extensive understanding of the OWASP Top 10 and various security frameworks.
  • Working knowledge of Windows, Linux and MacOS operating systems internals
  • Ability to work independently and as part of a team
  • Proficient communication skills, both written and verbal
  • Willingness to travel up to 5-10%
  • This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs

Preferred Qualifications:

  • Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferences
  • Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#)
  • Offensive cybersecurity certifications (e.g., GXPN, GPEN, OSCP, CISSP, GWAPT)

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.