Penetration Tester (W-2 or 1099 | U.S.-Based)
WE ARE HIRING Penetration Tester (W-2 or 1099 | U.S.-Based) Department: Technical Operations (TechOps) Location: Remote (U.S.) + Required Travel Across the U.S. and Canada Employment Type: Open to W-2 Employee or 1099 Contractor About US RSI Security is a cybersecurity advisory firm dedicated to helping organizations secure their environments, reduce risk, and stay compliant. Our team of specialized practitioners works hands-on with clients across multiple industries, delivering technical excellence with a service-first mindset. We are expanding our penetration testing bench and seeking a highly skilled Penetration Tester to support ongoing client engagements, including onsite assessments. About the ROLE The Penetration Tester executes advanced manual penetration testing across multiple disciplines, supports client engagements both remotely and onsite, and delivers accurate, actionable, and validated reporting. This role requires strong technical depth, disciplined follow-through, consultative communication, and consistent alignment with RSI methodologies and Core Values. W-2 and 1099 versions of the role share the same responsibilities; however, W-2 roles include scorecard metrics and quarterly Rocks, while 1099 contractors operate on a deliverables-based SOW model. What You’ll Do
- Manual Internal and External Penetration Testing
- Internal Segmentation Testing (lateral movement, trust boundary analysis)
- Web Application Penetration Testing (OWASP Top 10, business logic flaws)
- Mobile Application Penetration Testing (Android/iOS)
- API Penetration Testing (auth flows, token abuse, endpoint assessment)
- Social Engineering Penetration Testing (phishing, vishing, pretexting)
- Hardware/IoT Penetration Testing as needed
- Create detailed, validated, and remediation-focused penetration testing reports
- Present findings to both technical and non-technical stakeholders
- Maintain alignment with industry standards (NIST, PTES, OWASP, MITRE, etc.)
What You’ll Bring
- 3–7+ years of penetration testing experience
- Full-stack offensive testing skills (network, web, mobile, API, IoT, SE)
- Proficiency with Burp Suite, Nmap, Nessus, Metasploit, Wireshark, etc.
- Strong reporting and documentation skills
- Excellent client-facing communication
- Familiarity with OWASP, PTES, NIST SP 800-115, OSSTMM
- Ability to work independently
- Must be able to travel within the United States (non-negotiable)
- Must be U.S.-based
Mindset We Value
- You chase the why behind technical problems
- You take pride in craftsmanship and validated manual testing
- You deliver on commitments and own outcomes
- You communicate clearly, without ego
- You adapt quickly when situations are ambiguous
- You always act with integrity
- You pursue growth and mastery in your craft
What We Offer
W-2 Employees
- Unlimited flex vacation
- Paid parental leave
- 401(k) with 100% employer match
- Medical, dental, vision coverage
- Professional development & certification reimbursement
- Remote-first culture
1099 Contractors
- Flexible project-based or hourly contracting
- Remote work
- Access to RSI standards and methodologies
- Long-term contracting potential
RSI Security is proud to be an Equal Opportunity Employer. We value equity, inclusion, and diversity as part of our broader commitment to respecting fundamental human rights across our value chain. The Company will consider qualified applicants with arrest and conviction records, consistent with applicable laws. For more information on RSI Security, please visit www.rsisecurity.com or our LinkedIn page. On our career site, you will also find the steps guiding you through our hiring process.