Penetration Testing Engineer - Network Security

Overview

The Penetration Testing Engineer – Network Security is a hands-on client facing offensive security role responsible for executing network, cloud, and adversary-emulation engagements under established methodologies. This role goes beyond point-in-time vulnerability testing and actively contributes to red team and purple team operations, including social engineering, attack-path validation, and defensive collaboration.

Penetration Testing Engineers work closely with senior testers, red team leads, detection engineers, and clients to identify exploitable weaknesses, simulate real-world threat actor behavior, and validate security controls. This role is ideal for practitioners with a strong networking foundation who are ready to operate as adversaries while contributing to high-quality reporting and continuous improvement of testing capabilities.

• 3–5 years of experience in IT, cybersecurity, or offensive security
• Prior exposure to penetration testing, red team activities, SOC collaboration, or adversary emulation
• Experience performing internal, external, or cloud network security assessments

• Execute internal and external network penetration tests, including attack-path discovery and privilege escalation
• Perform port scanning, service enumeration, and network mapping using industry-standard tools
• Identify and validate misconfigurations, weak authentication, segmentation failures, and trust boundary issues
• Assess on-prem and cloud network architectures (AWS, Azure, hybrid environments)

• Participate in red team engagements simulating real-world adversaries
• Execute TTP-driven attacks aligned to frameworks such as MITRE ATT&CK
• Support purple team exercises by collaborating with defensive teams to:
  • Validate detections
  • Tune alerts
  • Measure defensive coverage
• Provide clear attacker-perspective feedback to blue teams and security leadership

• Support and/or execute social engineering campaigns, including:
  • Phishing (email-based and credential harvesting)
  • Vishing and pretexting (as authorized)
  • Physical security testing support (where in scope)
• Assist in campaign planning, execution, and ethical handling of sensitive data
• Document social engineering outcomes with clear business and risk context

• Draft clear, accurate technical findings with reproduction steps and evidence
• Contribute to executive summaries that explain risk, impact, and attack feasibility
• Communicate findings effectively to:
  • Technical teams
  • Defensive stakeholders
  • Non-technical leadership
• Support remediation validation and re-testing activities

• Use and help improve offensive tooling, scripts, and testing infrastructure
• Support automation efforts for discovery, enumeration, and validation
• Continuously develop skills in network attacks, cloud security, and adversary techniques

• Strong understanding of:
• TCP/IP, routing, DNS, DHCP
• Network segmentation and trust boundaries
• Hands-on experience with:
• Port scanning and enumeration (e.g., Nmap)
• Vulnerability identification and validation
• Familiarity with common network attack vectors:
• Weak credentials
• Misconfigured services
• Excessive trust and lateral movement paths
• Working knowledge of firewalls, VPNs (IPSec/SSL), and access controls
• Basic scripting for automation (Bash, Python, or Power Shell)

• Navigating cloud platforms (AWS and/or Azure)
• Understanding:
  • Security groups / NSGs
  • IAM users, roles, and policies
  • Storage services (S3, Blob Storage)
• Identifying cloud-specific misconfigurations and exposure risk

This role requires demonstrated interest or experience in:

• Adversary emulation and red team testing
• Purple team collaboration with SOC and detection teams
• Social engineering techniques and ethical execution
• Translating attacker actions into defensive improvement opportunities

Candidates should be motivated to think like attackers while improving organizational resilience.

• S…