[Remote] Security Consultant II (Web Application Penetration Tester)
Note: The job is a remote job and is open to candidates in USA. NetSPI is a leader in Penetration Testing as a Service (PTaaS) and is seeking a skilled Security Consultant II to conduct thorough security assessments and identify vulnerabilities in web applications. The role involves delivering actionable reports and contributing to the development of security best practices to enhance clients' security posture.ResponsibilitiesConduct penetration testing engagements on web applications and underlying APIsCreate, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security postureResearch and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processesPerform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operationsSkillsBachelor's degree or higher required, with a concentration in Computer Science, Engineering, Math, or IT preferred, or equivalent experienceMinimum of 2-3 years of work experience in application penetration testingFamiliarity with offensive tools, based on applicable skillset (e.g., Kali Linux, Burp Suite, Metasploit, Nessus)Familiarity with offensive and defensive IT concepts and protocolsExtensive understanding of the OWASP Top 10 and various security frameworksWorking knowledge of Windows, Linux and MacOS operating systems internalsAbility to work independently and as part of a teamProficient communication skills, both written and verbalWillingness to travel up to 5-10%This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needsExperience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferencesExperience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#)Offensive cybersecurity certifications (e.g., GXPN, GPEN, OSCP, CISSP, GWAPT)Company OverviewNetSPI is a cybersecurity company that offers enterprise security testing and attack surface management services. It was founded in 2001, and is headquartered in Minneapolis, Minnesota, USA, with a workforce of 501-1000 employees. Its website is https://www.netspi.com.Company H1B SponsorshipNetSPI has a track record of offering H1B sponsorships, with 1 in 2025, 3 in 2024, 1 in 2023, 2 in 2022, 5 in 2021, 5 in 2020. Please note that this does not guarantee sponsorship for this specific role.