2

Remote Pen Tester Jobs (NOW HIRING)

Sr. Product Security Engineer II

Burlington, MA · Remote

$124K - $170K/yr

Establish technical standards for account management, privilege management, remote access/service ... SAST, DAST, SCA, fuzzers, and pen-testing frameworks. * Familiarity with cloud infrastructure (AWS ...

Sr. Product Security Engineer II

Burlington, MA · Remote

$124K - $170K/yr

Establish technical standards for account management, privilege management, remote access/service ... SAST, DAST, SCA, fuzzers, and pen-testing frameworks. * Familiarity with cloud infrastructure (AWS ...

DevSecOps Engineer

OR · Remote

$125K - $155K/yr

Triage and work through vulnerabilities surfaced by pen testing, static analysis, responsible ... Setup for Remote Success. Our team is both decentralized and effective. We reimburse up to $400 for ...

DevSecOps Engineer

$125K - $155K/yr

Triage and work through vulnerabilities surfaced by pen testing, static analysis, responsible ... Setup for Remote Success. Our team is both decentralized and effective. We reimburse up to $400 for ...

Chicago or Remote US About VikingCloud VikingCloud is the leading Predict-to-Prevent cybersecurity ... pen testing, and wireless networking. Certification Requirements: Have at least one industry ...

Staff+ Application Security Engineer

$60.25 - $80.25/hr

Staff+ Application Security Engineer Remote-Friendly (Travel-Required) | San Francisco, CA ... Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and ...

Strong understanding of modern security testing methodologies (e.g., pen testing, bug bounty ... Environment - remote, work-from-home 100% of the time. Pay Range Disclosure At Bugcrowd, we strive ...

Chicago or Remote US About VikingCloud VikingCloud is the leading Predict-to-Prevent cybersecurity ... pen testing, and wireless networking. Certification Requirements: Have at least one industry ...

... pen testing, and networking protocols to support our government clients. We're looking for someone ... Remote : If this position is listed as remote, there may still be occasions when you are required ...

Remote - (Europe) How You'll Make an Impact: As a Cloud Security Analyst on our Security team, you ... Support incident response and forensics in cloud environments, including scenario testing and ...

This is a remote position open to candidates residing in the Midwest region within the US except ... The industries we serve have relied on pen-and-paper solutions for years and haven't been met with ...

This is a remote position open to candidates residing in the Northeast region within the US except ... The industries we serve have relied on pen-and-paper solutions for years and haven't been met with ...

... conduct testing of alpha products/features, manage projects, and build process improvements and ... This is a remote position open to candidates residing in the Northeast region of the United States ...

next page

Showing results 1-20

Remote Pen Tester information

See salary details

$11

$47

$69

How much do remote pen tester jobs pay per hour?

As of Jul 3, 2026, the average hourly pay for remote pen tester in the United States is $47.54, according to ZipRecruiter salary data. Most workers in this role earn between $37.50 and $56.01 per hour, depending on experience, location, and employer.

What is a Remote Pen Tester job?

A Remote Pen Tester is a cybersecurity professional who assesses the security of systems, networks, and applications by simulating cyberattacks from an external location. They identify vulnerabilities, exploit weaknesses, and provide recommendations to strengthen security. This role requires expertise in ethical hacking, penetration testing tools, and security frameworks. Remote Pen Testers often work for cybersecurity firms, as freelancers, or in-house for organizations needing security assessments.

What does a typical day look like for a Remote Pen Tester?

A typical day for a Remote Pen Tester involves conducting security assessments of networks, websites, or applications, identifying vulnerabilities, and documenting findings in detailed reports. You’ll often collaborate with IT teams or clients via video calls and chat platforms to discuss scope, methodologies, and results. In addition to hands-on testing, you may spend time updating your knowledge on the latest security threats and tools. The role offers autonomy and flexibility but also requires strong self-management skills to meet project deadlines and maintain clear communication with distributed teams. Over time, successful pen testers can progress to lead roles or broaden their expertise in specialized areas such as red teaming or security consulting.

What are the key skills and qualifications needed to thrive in the Remote Pen Tester position, and why are they important?

To thrive as a Remote Pen Tester, you need expertise in network and application security, vulnerability assessment, and penetration testing, often supported by a degree in information security or computer science. Familiarity with tools like Metasploit, Burp Suite, Nmap, and relevant certifications such as OSCP or CEH is highly valued. Excellent written communication, analytical thinking, and self-motivation are crucial soft skills, especially when working independently and with distributed teams. These skills and qualities are vital for effectively identifying security weaknesses, creating actionable reports, and collaborating remotely with clients or technical teams.

More about Remote Pen Tester jobs
What cities are hiring for Remote Pen Tester jobs? Cities with the most Remote Pen Tester job openings:
What states have the most Remote Pen Tester jobs? States with the most job openings for Remote Pen Tester jobs include:
Infographic showing various Remote Pen Tester job openings in the United States as of June 2026, with employment types broken down into 6% Internship, 12% As Needed, 37% Full Time, 31% Part Time, 8% Contract, and 6% Nights. Highlights an 37% Physical, 3% Hybrid, and 60% Remote job distribution, with an average salary of $98,889 per year, or $47.5 per hour.
Sr. Product Security Engineer II

Sr. Product Security Engineer II

Glaukos

Burlington, MA • Remote

$124K - $170K/yr

Full-time

Posted 18 days ago


Job description

What You'll Do: 

The Senior Product Security Engineer, based in Burlington Massachusetts, is a critical, high-level engineering position responsible for designing, implementing, and validating cybersecurity controls across the full medical device product lifecycle. This role is hands-on and technical, working directly with firmware, software, and system engineering teams to ensure our Windows and Linux based devices are secure by default and maintainable in the field. The role provides technical leadership on architecture, hardening, secure development practices, and vulnerability remediation to meet FDA cybersecurity expectations and industry best practices.

Security Architecture and Secure-by-Design Engineering

  • Define and drive implementation of technical security requirements and risk mitigations for new products and features.
  • Create and maintain security architecture diagrams and models, including trust boundaries, data flows, and security control placement.
  • Lead threat modeling for device features and connectivity use cases (local, network, cloud, removable media, service interfaces).
  • Specify and review security control designs for authentication/authorization, secure communications, cryptographic key handling, secure logging, secure storage, and secure update mechanisms.
  • Embed secure development practices into the engineering lifecycle: threat modeling, secure design reviews, secure coding, peer review criteria, and security gates for releases.
  • Work with IEC 81001-5-1 standard 

Platform Hardening (Windows and Linux Devices)

  • Partner with engineering teams to implement OS and application hardening measures, such as least privilege, service isolation, secure boot, host firewalling, and endpoint logging.
  • Establish technical standards for account management, privilege management, remote access/service modes, and secure debug/manufacturing workflows.

Firmware and Software Security Engineering

  • Work with firmware teams to improve security of embedded components, device interfaces, and update flows (signed firmware, integrity verification, rollback considerations).
  • Work with software teams to implement secure coding practices and standards.
  • Collaborate with QA to integrate automated security testing into regression and release pipelines.
  • Generate and maintain technical security artifacts used for FDA-aligned submissions and internal design controls.
  • Maintain records of vulnerability assessments, mitigations, and patch processes. 
  • Support audit and inspection readiness with thorough, traceable documentation.

Documentation and Evidence

  • Generate and maintain technical security artifacts used for FDA-aligned submissions and internal design controls.
  • Maintain records of vulnerability assessments, mitigations, and patch processes. 
  • Support audit and inspection readiness with thorough, traceable documentation.

Vulnerability & Incident Management 

  • Lead vulnerability assessment and mitigation activities for product software, firmware, OS components, and third-party libraries.
  • Coordinate cross-functional response to newly discovered vulnerabilities, including communication, remediation, and regulatory reporting. 
  • Track and monitor vulnerability disclosures from third-party libraries and components. 

Core Product Security Knowledge 

  • Secure system and software design principles (least privilege, defense in depth, threat modeling, zero trust). 
  • Risk management frameworks: NIST 800-53, NIST 800-30, ISO 27001, ISO 14971, and IEC 81001-5-1. 
  • Cryptography fundamentals (key management, TLS, symmetric/asymmetric encryption, hashing). 
  • Authentication and authorization mechanisms, identity management, and secure session handling. Secure coding standards (e.g., CERT C/C++, OWASP, MISRA, CWE/SANS Top 25). Supply chain security concepts and SBOM management (SPDX, CycloneDX). 

DevOps & Infrastructure Knowledge 

  • CI/CD security practices, secrets management, container security (Docker, Podman), and artifact signing. 
  • Common security testing tools: SAST, DAST, SCA, fuzzers, and pen-testing frameworks. 
  • Familiarity with cloud infrastructure (AWS, or on-prem Linux environments). 
  • Incident response and vulnerability disclosure processes. 

Regulatory & Documentation Knowledge 

  • Familiarity with FDA cybersecurity premarket and postmarket expectations as they relate to technical controls and objective evidence.
  • Secure update/patch management strategies (aligned with FDA "updateability & patchability" expectations). 
  • Audit-ready documentation practices and traceability to design controls. 

Cross-Functional Leadership 

  • Act as the security subject matter expert across product teams. 
  • Provide training and mentoring to engineers on secure design and coding practices. 
  • Partner with compliance, regulatory, and quality teams to align product security strategy with organizational goals

How You'll Get There: 

  • 7-10 years total professional experience in software engineering, cybersecurity, or related technical fields. 
  • 3-5 years focused on product or embedded system security, ideally within regulated or safety-critical industries (medical device, aerospace, automotive, or defense). 
  • Demonstrated experience with: 
    • Designing or assessing security architectures for embedded or connected systems. 
    • Implementing secure development lifecycle (SDL) practices within engineering teams. 
    • Leading or participating in vulnerability management and coordinated disclosure processes. 
    • Collaborating cross-functionally (engineering, QA, regulatory, IT) to 
    • IEC 81001-5-1 standard 
  • Bachelor's degree in Computer Science, Electrical/Computer Engineering, Cybersecurity, or a related field. 
  • Prior experience as a product security lead or security point of contact for a commercial medical or industrial product. 
  • Experience integrating security testing automation into CI/CD environments. 
  • Experience supporting external audits, penetration tests, or third-party security assessments. 
  • Knowledge and experience with IEC 81001-5-1 standard 

Preferred 

  • Master's degree in Cybersecurity, Software Engineering, or Systems Engineering (ideal for regulated product security leadership). 
     
#GKOSUS

Generous. Innovative. Leadership-driven. Family-oriented. Socially responsible. 

Founded in 1998, Glaukos Corporation is an ophthalmic pharmaceutical and medical technology company focused on developing and commercializing novel therapies for the treatment of glaucoma, corneal disorders, and retinal diseases.

Our mission at Glaukos is to truly transform vision by pioneering novel, dropless therapies that can meaningfully advance the standard of care and improve the lives of patients suffering from chronic, sight-threatening eye diseases. 

Innovation is at the core of everything we do, and we are resolute in our commitment to challenge conventional thinking with new treatment alternatives that are supported by real science, robust clinical evidence, and an unrelenting focus on patients. 

Our constant pursuit of game-changing technologies that disrupt legacy treatment paradigms is encapsulated in the Glaukos mantra "We'll Go First," which articulates our willingness to take chances, our determination to forge new ground, and our commitment to continuous improvement in all that we do.   

Our company completed an initial public offering in June of 2015, and our shares are traded on the New York Stock Exchange under the ticker symbol "GKOS". Our global headquarters is in Aliso Viejo, California with additional locations in San Clemente, California, and Burlington, Massachusetts.

Glaukos Corporation is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law. 


All offers of employment are contingent upon the successful completion of a background check, including successfully passing a drug screen, based on the position and local regulations.