Senior Penetration Tester

The Fountain Group United States
Remote
AI Summary

We are seeking a highly skilled Senior Penetration Tester to join our Attack & Pentest team. The successful candidate will be responsible for validating, prioritizing, and driving the closure of security vulnerabilities across the enterprise. The ideal candidate will have 3+ years of hands-on penetration testing experience and strong understanding of common vulnerability classes.

Key Highlights
Hands-on penetration testing experience
Vulnerability management
Collaboration with engineering teams
Key Responsibilities
Review and validate incoming vulnerability reports
Perform targeted retesting of remediated vulnerabilities
Monitor remediation timelines against SLAs
Maintain accurate records in the vulnerability management platform
Partner with application security, DevOps, and engineering teams to provide remediation guidance and technical context for findings
Technical Skills Required
Penetration testing
Vulnerability management
Offensive security
Benefits & Perks
Health insurance
Vision insurance
Dental insurance
Life insurance
Disability insurance
100% remote work

Job Description


Pay: $80-86/hour W2. Our company offers our consultants a suite of benefits after a qualification period including health, vision, dental, life and disability insurance.

100% remote role; no expectation of onsite work.

12-month contract role with a strong chance for extension.

W2 candidates only. 1099/C2C not possible under any circumstances.

Manager Notes

  • 3+ years of experience in hands-on penetration testing or offensive security testing
  • As a member of our Attack & Pentest team, you will serve as a frontline analyst responsible for validating, prioritizing, and driving the closure of security vulnerabilities across the enterprise.
  • You will assess findings for exploitability and business risk, retest applications and infrastructure after remediation, and work directly with engineering teams to ensure issues are resolved effectively and on schedule.
  • This is a hands-on technical role that requires both offensive security skills and the ability to communicate clearly with developers, architects, and leadership.

Responsibilities

  • Review and validate incoming vulnerability reports from Mythos; assess severity, exploitability, and business impact; de-duplicate and enrich findings with reproduction steps and evidence
  • Perform targeted retesting of remediated vulnerabilities to confirm fixes are effective and complete; document pass/fail results with technical evidence
  • Monitor remediation timelines against SLAs; coordinate with development and infrastructure teams to ensure timely closure; escalate aging findings per policy
  • Maintain accurate records in the vulnerability management platform; produce weekly status reports on open/closed/overdue findings; contribute to executive-level metrics
  • Partner with application security, DevOps, and engineering teams to provide remediation guidance and technical context for findings
  • Identify patterns in recurring vulnerabilities; recommend process or tooling improvements to reduce triage backlog

Required Qualifications

  • 3+ years of hands-on penetration testing experience (web applications, APIs, infrastructure)
  • Demonstrated experience triaging vulnerabilities at scale (CVSS scoring, CWE/OWASP classification, risk-based prioritization)
  • Strong understanding of common vulnerability classes (OWASP Top 10, SANS Top 25) and remediation strategies
  • Experience with vulnerability management platforms (e.g., Jira, ServiceNow, DefectDojo, or similar)
  • Ability to write clear, reproducible proof-of-concept exploits and remediation validation reports
  • Familiarity with SDLC integration and working directly with development teams on fix guidance
  • Strong written and verbal communication skills; able to translate technical findings for varied audiences

Preferred Qualifications

  • Relevant certifications: OSCP, GPEN, GWAPT, CEH, or equivalent
  • Experience with bug bounty or crowdsourced vulnerability programs
  • Familiarity with financial services regulatory requirements (PCI-DSS, FFIEC, SOX)
  • Scripting/automation skills (Python, Bash, Burp extensions) for retesting workflows
  • Experience with CI/CD pipeline security tooling (SAST/DAST integration)
  • Burp Suite Professional, Nuclei, Caido
  • Git-based workflows and code review
  • Cloud platforms (AWS, Azure, GCP) security configurations
  • Container/Kubernetes security fundamentals

Who We Are:

The Fountain Group is a nationwide staffing firm with over 80 Fortune 100-500 clients. Since 2001, TFG has maintained a consistent standard of excellence, and our work is broadly recognized every year through numerous industry performance awards. Our success is a team effort.

Browse our website below for additional information on our company.

The Fountain Group

3407 W Martin Luther King Jr. Dr. Tampa, FL 33607

“We work in Life Sciences, Clinical, Engineering, IT, and more. Above all, we specialize in people.”

