Penetration Tester

The Opportunity 

We are seeking a Penetration Tester to join our growing cybersecurity team. In this role, you will assess the security of applications, networks, and systems through structured penetration testing, vulnerability assessments, and red-teaming simulations. You will help identify weaknesses across diverse environments—with a specific focus on MacOS and Cloud ecosystems—document findings and provide actionable recommendations to strengthen clients’ security defenses.

What You'll Do

• Conduct Advanced Penetration Tests: Perform comprehensive security assessments across cloud, network, and system environments.
• MacOS Application Testing: Execute specialized security evaluations of native MacOS applications to identify platform-specific vulnerabilities.
• Execute Red Teaming & Social Engineering: Go beyond standard assessments by simulating real-world adversary tactics and testing human security awareness through phishing and pretexting.
• Cloud Security Analysis: Evaluate and exploit vulnerabilities within AWS, GCP, or Azure environments to ensure robust cloud architecture.
• Identify and Document Vulnerabilities: Analyze findings, assess impact, and produce detailed reports with clear remediation recommendations.
• Collaborate on Remediation: Work with engineering and operations teams to validate fixes and strengthen overall system security.
• Develop Testing Tools and Methods: Create and refine scripts, tools, and methodologies to enhance testing accuracy and coverage.
• Stay Current with Threat Landscape: Continuously monitor emerging exploits, specifically focusing on MacOS-based threats and cloud-native attack vectors.

Who You Are

• Proven Experience: Significant experience as a Penetration Tester with a track record of testing complex environments.
• Cloud Proficiency: Hands-on experience performing cloud security assessments (AWS, GCP, or Azure) is essential.
• MacOS Expert: You are a primary MacOS user with the technical proficiency to test and secure native MacOS applications.
• Red-Teaming Mindset: A strong interest or foundational knowledge in red-teaming methodologies, focusing on post-exploitation and lateral movement.
• Technical Toolkit: Proficiency with modern penetration testing tools, methodologies, and reporting standards.
• Documentation Skills: Excellent analytical and documentation skills, with the ability to explain complex technical risks to various stakeholders.
• Communication: Effective communication skills with fluency in written and spoken English.
• Equipment: Ownership of a capable MacOS workstation for running modern security and platform-specific testing tools.
• Availability: Amenable to working during US Eastern Time zone hours.
• Certifications: Relevant certifications such as OSCP, CRTO, or cloud-specific security certs are preferred.

Nice to Have 

• Familiarity with compliance standards such as SOC 2, GDPR, or HIPAA.
• Experience working in a fast-paced technology or cybersecurity startup environment.
• Exposure to security awareness or employee training initiatives.

What We Offer

• Career Development: Clear path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
• Growth Opportunity: Early-stage company with significant room for career advancement.
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.

Work Environment Requirements

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.

Workstreet Is An Equal Opportunity Employer

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.