1

Security Penetration Tester Jobs (NOW HIRING)

Penetration Tester

Washington, DC · On-site

$130K - $145K/yr

As a Junior Product and Hardware Security Penetration Tester, you will have the chance to work on cutting-edge technologies and contribute to the enhancement of security across a wide range of ...

Penetration Tester

Washington, DC · Hybrid

$130K - $145K/yr

As a Junior Product and Hardware Security Penetration Tester, you will have the chance to work on cutting-edge technologies and contribute to the enhancement of security across a wide range of ...

Penetration Tester

Herndon, VA · Hybrid

$130K - $145K/yr

As a Junior Product and Hardware Security Penetration Tester, you will have the chance to work on cutting-edge technologies and contribute to the enhancement of security across a wide range of ...

Required : • 3+ years' experience in three or more specific areas to include: intelligence analysis, network engineering, networking security, penetration testing, red team operations, hardware ...

Automated Testing, AWS Cloud Computing, Infrastructure Penetration Testing, Security Controls ... Courts (AO) by conducting security, penetration, and vulnerability assessments required prior to ...

Required : • 3+ years' experience in three or more specific areas to include: intelligence analysis, network engineering, networking security, penetration testing, red team operations, hardware ...

Dark Wolf is looking for a Penetration Tester who will plan and perform continuous cross-domain ... security vulnerability analysis. The candidate will analyze both commercial and federal mission ...

Dark Wolf is looking for a Penetration Tester who will plan and perform continuous cross-domain ... security vulnerability analysis. The candidate will analyze both commercial and federal mission ...

CCNA Cyber Ops, CCNA-Security, CEH, CFR, Cloud+, CySA+, GCIA, GCIH, GICSP, SCYBER, Security+ CE, SSCP * Demonstrated experience with Kali Linux. * Demonstrated penetration testing tools experience ...

REQUIRED QUALIFICATIONS 5+ years of experience in security applications and systems Minimum of 5 years of Information Security Engineer/Consultant experience with application penetration testing.

Penetration Tester

Arlington, VA · On-site

$86K - $138K/yr

CCNA Cyber Ops, CCNA-Security, CEH, CFR, Cloud+, CySA+, GCIA, GCIH, GICSP, SCYBER, Security+ CE, SSCP * Demonstrated experience with Kali Linux. * Demonstrated penetration testing tools experience ...

SkyePoint Decisions is seeking a Penetration Tester to support the Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security experience to enable innovative ...

Company Description REQUIRED QUALIFICATIONS • 5+ years of experience in security applications and ... with application penetration testing. • Minimum of 5 years of demonstrated experience with ...

Penetration Tester

Chantilly, VA · On-site

$150K - $195K/yr

Pen Testers are also responsible for performing security focused services to improve the security ... Leads penetration tests, mentoring junior testers, and providing technical guidance to stakeholders.

Penetration Tester

Chantilly, VA · On-site

$90K - $130K/yr

CDT is looking for a Penetration Tester to This will be supporting a government customer onsite in ... Responsible for performing security focused services to improve security posture. * Conduct test ...

Penetration Tester

Chantilly, VA · On-site

$150K - $195K/yr

Pen Testers are also responsible for performing security focused services to improve the security ... Leads penetration tests, mentoring junior testers, and providing technical guidance to stakeholders.

next page

Showing results 1-20

Security Penetration Tester information

See salary details

$22.5K

$119.9K

$168.5K

How much do security penetration tester jobs pay per year?

As of Jul 17, 2026, the average yearly pay for security penetration tester in the United States is $119,895.00, according to ZipRecruiter salary data. Most workers in this role earn between $96,000.00 and $141,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Security Penetration Tester, and why are they important?

To thrive as a Security Penetration Tester, you need a strong understanding of network security, vulnerability assessment, and ethical hacking, often supported by a degree in computer science or cybersecurity and certifications like OSCP or CEH. Familiarity with penetration testing tools such as Metasploit, Burp Suite, and Nmap, as well as knowledge of scripting languages, is typically required. Exceptional analytical thinking, attention to detail, and effective communication skills help you identify vulnerabilities and clearly report findings. These skills are vital to proactively identifying and mitigating security risks, thereby protecting organizational assets from cyber threats.

What are Security Penetration Testers?

Security Penetration Testers, often called 'pen testers' or ethical hackers, are cybersecurity professionals who simulate cyberattacks on computer systems, networks, and applications. Their goal is to identify vulnerabilities that malicious hackers could exploit. By conducting these controlled tests, they help organizations strengthen their security measures and protect sensitive information. Penetration testers document their findings and provide recommendations to improve defenses. This role requires a deep understanding of security tools, attack methodologies, and current cyber threats.

What are some common challenges Security Penetration Testers face when working with client organizations?

Security Penetration Testers often encounter challenges such as limited access to systems due to strict security policies, incomplete or outdated documentation, and time constraints for testing. Additionally, communicating technical vulnerabilities in a way that is understandable to non-technical stakeholders can be demanding. Building trust with clients and ensuring that findings are addressed rather than overlooked are also important aspects of the role, requiring strong communication and negotiation skills.

What is the difference between Security Penetration Tester vs Vulnerability Analyst?

AspectSecurity Penetration TesterVulnerability Analyst
CertificationsOSCP, CEH, GPENCISA, CISSP, GIAC
Work EnvironmentHands-on testing, simulated attacksVulnerability assessment, reporting
Industry UsageCybersecurity firms, IT departmentsSecurity teams, compliance roles

While both roles focus on identifying security weaknesses, a Security Penetration Tester actively exploits vulnerabilities to test defenses, whereas a Vulnerability Analyst primarily assesses and reports on vulnerabilities without exploiting them. Both roles require similar certifications and are integral to cybersecurity teams, but their day-to-day tasks differ significantly.

Will pentesters be replaced by AI?

Security penetration testers analyze systems for vulnerabilities using manual testing, tools, and knowledge of security protocols. While AI can assist in automating certain tasks like vulnerability scanning, human expertise is essential for complex assessments, creative problem-solving, and interpreting results. AI is more likely to augment rather than replace penetration testers in the cybersecurity field.

Can you make $500,000 a year in cyber security?

Security penetration testers can potentially earn $500,000 annually with extensive experience, advanced skills, and specialized certifications like OSCP or CISSP. Achieving this level often requires working in senior or consulting roles, managing complex projects, or working for large organizations or high-paying clients.

How much do penetration testers make?

Penetration testers typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Senior professionals with advanced skills and certifications like OSCP or CISSP can earn higher salaries, especially in high-demand markets or specialized environments.

Is 40 too old for cyber security?

Security penetration testers can be successful at any age, as the role values experience, problem-solving skills, and continuous learning. Many professionals transition into cybersecurity later in their careers, often obtaining certifications like OSCP or CISSP to demonstrate expertise regardless of age.
More about Security Penetration Tester jobs
What states have the most Security Penetration Tester jobs? States with the most job openings for Security Penetration Tester jobs include:
Infographic showing various Security Penetration Tester job openings in the United States as of July 2026, with employment types broken down into 96% Full Time, 2% Part Time, and 2% Contract. Highlights an 83% Physical, 2% Hybrid, and 15% Remote job distribution, with an average salary of $119,895 per year, or $57.6 per hour.
Penetration Tester

Penetration Tester

Dark Wolf Solutions

Washington, DC • On-site

$130K - $145K/yr

Full-time

Re-posted 20 days ago


Job description

Dark Wolf is actively seeking an experienced Penetration Tester to join our innovative team. This individual will play a critical role in assessing and enhancing the security of various products, including hardware, software, and embedded systems. This role demands a deep understanding of penetration testing methodologies and advanced exploit development, focusing on identifying and mitigating vulnerabilities across a wide range of technologies. As a Junior Product and Hardware Security Penetration Tester, you will have the chance to work on cutting-edge technologies and contribute to the enhancement of security across a wide range of products. If you possess a strong background in penetration testing and a passion for cybersecurity, we encourage you to apply for this pivotal role. This position is set to be supported in a hybrid work environment out of the DC Metro area. Key responsibilities include, but are not limited to:
  • Conducting comprehensive penetration testing on hardware, software, and network components.
  • Performing advanced vulnerability scanning and assessments on all components.
  • Performing a Cybersecurity evaluation of the product under test to identify vulnerabilities that would negatively impact the Confidentiality, Integrity, or Availability of system data or functionality.
  • Analyzing software, firmware, hardware, and/or RF components within the system.
  • Opining on the impact and level of effort required to exploit the identified vulnerabilities as well as providing information on a high-level remediation strategy.
  • Developing and executing exploits and proof-of-concept (PoC) attacks to demonstrate the impact of identified vulnerabilities.
  • Analyzing and reverse engineering firmware and embedded systems to identify security weaknesses.
  • Testing and assessing the security of secure boot processes and Trusted Execution Environments (TEE).
  • Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing.
  • Performing manual verification of vulnerabilities, assessing their risk and exploitability.
  • Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth, and Zigbee networks.
  • Utilizing Software Defined Radio (SDR) for protocol reverse engineering and testing.
  • Reporting detailed findings, documenting case details, and providing actionable recommendations for remediation to enhance product security based on system analysis.
  • Planning and executing full-scale, cross-domain vulnerability assessments, network penetration testing, and phishing/social engineering campaigns.
Required Qualifications:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Engineering, or a related field
  • Minimum of 2+ years' experience in three or more specific areas to include: intelligence analysis, network engineering, networking security, penetration testing, red team operations, hardware engineering, software engineering, exploit development, reverse engineering, vulnerability assessment, physical security assessments, or social engineering
  • Proficiency with cloud technology and deployments across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
  • Proficiency in the testing and assessment of mobile operating systems, embedded systems, and/or IoT devices
  • Experience in drafting reports, documenting case details, and summarizing findings and recommendations based on system analysis
  • Experience performing advanced vulnerability scanning and assessments on all components
  • Experience conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API security testing
  • Demonstrated strong written and verbal communication skills
  • Strong understanding of NIST 800-53 frameworks
  • US Citizenship and an active security clearance at a minimum of the Secret Level
Desired Qualifications:
  • Familiarity with NIST 800-171 Revision 2
  • Proven ability to develop and execute complex exploits and PoC attacks
  • Strong analytical skills and experience in firmware, binary exploitation, and embedded systems testing
  • Advanced knowledge of Software Defined Radio (SDR) and protocol reverse engineering
  • Active professional certifications such as CEH, OSCP, PNPT, GPEN, or similar security/pen testing certifications

The salary range for this position is $130,000.00 - $145,000.00 commensurate on experience and technical skillset.
We are open to considering a variety of levels of experience for these projects and potential for 1099 hourly opportunity.
We are proud to be an EEO/AA Employer Minorities/Women/Veterans/Disabled and other protected categories.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification from upon hire.