Penetration Testing Engineer – Network Security- job post
Job Description
4.44.4 out of 5 stars
United States
Full-time
Job details
Job type
- Full-time
BenefitsPulled from the full job description
- Parental leave
- Health insurance
- 401(k) matching
- Paid time off
Full job description
RemoteFull time
United States
Description
The Penetration Testing Engineer – Network Security is a hands-on client facing offensive security role responsible for executing network, cloud, and adversary-emulation engagements under established methodologies. This role goes beyond point-in-time vulnerability testing and actively contributes to red team and purple team operations, including social engineering, attack-path validation, and defensive collaboration.
Penetration Testing Engineers work closely with senior testers, red team leads, detection engineers, and clients to identify exploitable weaknesses, simulate real-world threat actor behavior, and validate security controls. This role is ideal for practitioners with a strong networking foundation who are ready to operate as adversaries while contributing to high-quality reporting and continuous improvement of testing capabilities.
Requirements
Typical Experience
3–5 years of experience in IT, cybersecurity, or offensive security
Prior exposure to penetration testing, red team activities, SOC collaboration, or adversary emulation
Experience performing internal, external, or cloud network security assessments
Core Responsibilities
Network & Infrastructure Penetration Testing
Execute internal and external network penetration tests, including attack-path discovery and privilege escalation
Perform port scanning, service enumeration, and network mapping using industry-standard tools
Identify and validate misconfigurations, weak authentication, segmentation failures, and trust boundary issues
Assess on-prem and cloud network architectures (AWS, Azure, hybrid environments)
Red Team & Purple Team Operations (Required)
Participate in red team engagements simulating real-world adversaries
Execute TTP-driven attacks aligned to frameworks such as MITRE ATT&CK
Support purple team exercises by collaborating with defensive teams to:
Validate detections
Tune alerts
Measure defensive coverage
Provide clear attacker-perspective feedback to blue teams and security leadership
Social Engineering (Required)
Support and/or execute social engineering campaigns, including:
Phishing (email-based and credential harvesting)
Vishing and pretexting (as authorized)
Physical security testing support (where in scope)
Assist in campaign planning, execution, and ethical handling of sensitive data
Document social engineering outcomes with clear business and risk context
Reporting & Communication
Draft clear, accurate technical findings with reproduction steps and evidence
Contribute to executive summaries that explain risk, impact, and attack feasibility
Communicate findings effectively to:
Technical teams
Defensive stakeholders
Non-technical leadership
Support remediation validation and re-testing activities
Tooling & Continuous Improvement
Use and help improve offensive tooling, scripts, and testing infrastructure
Support automation efforts for discovery, enumeration, and validation
Continuously develop skills in network attacks, cloud security, and adversary techniques
Technical Skills & Knowledge
Required Technical Skills
Strong understanding of:
TCP/IP, routing, DNS, DHCP
Network segmentation and trust boundaries
Hands-on experience with:
Port scanning and enumeration (e.g., Nmap)
Vulnerability identification and validation
Familiarity with common network attack vectors:
Weak credentials
Misconfigured services
Excessive trust and lateral movement paths
Working knowledge of firewalls, VPNs (IPSec/SSL), and access controls
Basic scripting for automation (Bash, Python, or PowerShell)
Cloud & Hybrid Environments
Navigating cloud platforms (AWS and/or Azure)
Understanding:
Security groups / NSGs
IAM users, roles, and policies
Storage services (S3, Blob Storage)
Identifying cloud-specific misconfigurations and exposure risk
Red / Purple Team & Social Engineering Requirements
This role requires demonstrated interest or experience in:
Adversary emulation and red team testing
Purple team collaboration with SOC and detection teams
Social engineering techniques and ethical execution
Translating attacker actions into defensive improvement opportunities
Candidates should be motivated to think like attackers while improving organizational resilience.
Soft Skills & Professional Expectations
Strong curiosity and desire to continuously improve offensive skills
Ability to accept feedback and iterate on findings and techniques
Professional judgment, ethical conduct, and respect for authorization boundaries
Clear written and verbal communication skills
Ability to collaborate effectively across offensive and defensive teams
Certifications (Optional but Beneficial)
While hands-on ability is prioritized, certifications that align with this role include:
Network or security fundamentals
Offensive security or red team–oriented certifications
Social engineering or adversary emulation training
Benefits
The company is a cybersecurity services firm headquartered in Chicago, IL. We are dedicated to improving our client’s security posture by providing continuous penetration testing, training services, and talent solutions.
In addition to our professional cybersecurity service offerings, Evolve Security offers a cybersecurity bootcamp, currently ranked the #1 cybersecurity bootcamp in the world. The Cybersecurity Bootcamp in Chicago provides immersive training, giving students the concrete and practical skills, needed on the job. Students gain real work experience through live security assessment work that they perform on not-for-profit companies.
We are passionate about directly improving our customers’ security posture, and we proudly train others to help meet the need for qualified cybersecurity talent.
Benefits Include
Healthcare Benefits
401(k) Match
Parental Leave
Flexible Paid Time Off
Annual vacation reimbursement
This website uses cookies to improve user’s experience, personalise ads and analyse traffic. You can accept all cookies, decline all optional cookies, or manage your cookie settings. To learn more, view our cookies policy.
Cookies settings
Accept all
Decline all
