Careers · Pen Testing

Penetration Tester

Hands-on testing across web, network, cloud, mobile, and more: the manual work that starts where a scanner stops.

  • Remote or in-office
  • Full-time
  • Pen Testing

This is where OSec started, breaking in by hand for people who needed to know what a real attacker could reach. We test across every kind of target, and we go deep. You’ll bring breadth across the common ones and real depth in at least one, then keep adding specialties as the work demands. Every finding you prove makes the bench and the platform sharper.

What you’ll do

  • Scope and run penetration tests across varied targets: web and mobile apps, networks, APIs, cloud, and whatever the engagement puts in front of you.
  • Test by hand, past the point automated tooling gives up. The interesting bugs need a human.
  • Chain findings into real impact, then write them up so the fix is obvious.
  • Pick up new target types and specialties as clients need them. The field never sits still.
  • Feed what works back to the bench and the platform.

What you bring

  • Solid hands-on testing across more than one target class (web, network, API, cloud, or mobile).
  • Real manual exploitation skill, not just running and reading a scanner.
  • A methodology you can defend (OWASP, PTES, NIST) and the judgment to know when to leave it.
  • Clear, honest reporting. The report is the product the client keeps.
  • Proof you can do the work: OSCP or equivalent, a portfolio, or a track record.

Bonus points

  • A specialty you go deep on: cloud, mobile, hardware, or application logic.
  • Original research, a CVE, or tooling you’ve published.
  • A knack for learning a new target type fast.

The setup

Remote or in one of our offices, wherever you do your best work. Independent, which keeps us answering to the work and the people we do it for. We hire slowly and keep people a long time. If that sounds like the place, send your work, not a cover letter.

Book a 30-min call