Principal PenTester (Remote – WebApp focus)

Principal PenTester (Remote – WebApp focus) Location: Remote (USA based candidates only) Salary: DOE + Benefits Contract Type: Full time - permanent (remote - USA) Company: Confidential Specialist Security Consultancy Location: Remote (US based or Global) Position: Penetration Tester Level: Mid level to Principal Consultant Salary: Competitive, dependent on experience Background A specialist penetration testing consultancy is seeking an experienced penetration tester with a primary focus on application security testing, alongside exposure to infrastructure penetration testing. The company is small, highly specialised, and focused on delivering high quality offensive security services. The role offers hands-on technical work, problem solving, and close collaboration with skilled security professionals in a supportive environment. Perks • Fully remote working • Flexible working hours • Unlimited paid time off • Training and conference budget • Medical and dental benefits (for US employees) • Strong engineering led culture focused on growth and development • Opportunity to work with a highly capable and collaborative team • High customer satisfaction and repeat client base Requirements • Strong experience delivering complex application penetration tests across common web technologies • Broad skillset with the ability to support additional assessments such as internal networks, cloud, red teaming, mobile, or social engineering • Ability to produce clear, professional penetration test reports • Comfortable presenting findings to both technical and non technical stakeholders Nice to Have • Experience leading penetration tests end to end, from scoping through delivery • Published security research, CVEs, or open source tooling • Active involvement in security projects, CTFs, or the wider offensive security community • Ability to read and write code in common programming languages • Strong written and verbal communication skills • Degree in Computer Science or a related discipline • Completion of relevant security courses, books, or MOOCs • Industry recognised certifications such as OSCP, OSCE, OSWA, OSWE, CRTO, BSCP, or similar Apply tot his job