Senior Security Consultant (Web Application Penetration Tester)
NetSPI · United States
- Hybrid
- Full-time
- $120,000 / year
- United States
Job highlights
- Conduct web application penetration tests independently.
- Provide technical and QA oversight on assessments.
- Mentor junior team members and share knowledge.
- Develop innovative penetration testing techniques.
- Deliver actionable security recommendations to clients.
About the role
About NetSPI
NetSPI® is an award-winning pioneer of Penetration Testing as a Service (PTaaS) with its AI-powered platform supported by more than 350 in-house cybersecurity experts. Specializing in 50+ pentest types, attack surface visibility, vulnerability prioritization, and attack simulation, NetSPI delivers security testing with unprecedented clarity, speed, and scale. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.Join the mission as a Senior Security Consultant
We are seeking a skilled and detail-oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. As a Penetration Tester supporting web applications, you will work closely with clients to deliver clear, actionable reports and contribute to the development of security best practices.Responsibilities
- Conduct engagements on web applications and underlying APIs independently and provide technical oversight.
- Review reports for accuracy in technical oversight, perform weekly QA oversight, and provide mentoring support to others.
- Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture.
- Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes.
- Participate in development, implementation, and oversight of testing, delivery, and management strategies for key client accounts.
- Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations.
Minimum Qualifications
- Bachelor’s degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience.
- Minimum of 3-5 years of work experience in Penetration Testing.
- Familiarity with offensive tools, based on applicable skillset (e.g., Kali Linux, Burp Suite, Metasploit, Nessus).
- Familiarity with offensive and defensive IT concepts and protocols.
- Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks.
- Working knowledge of Windows, Linux and MacOS operating systems internals.
- Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferences.
- Ability to work independently and as part of a team.
- Proficient communication skills, both written and verbal.
- Willingness to travel up to 5-10%.
- This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs.
Preferred Qualifications
- Ability to provide technical and QA oversight on web applications and underlying APIs.
- Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#).
- Offensive cybersecurity certifications (e.g., GXPN, GPEN, OSCP, GWAPT).
Equal Opportunity Employer
NetSPI is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.Key skills/competency
- Penetration Testing
- Web Application Security
- Vulnerability Assessment
- Security Consulting
- OWASP Top 10
- MITRE ATT&CK
- API Security
- Cybersecurity
- Offensive Security
- Reporting
Skills & topics
- Senior Security Consultant
- Web Application Penetration Tester
- Penetration Testing
- Cybersecurity
- Vulnerability Assessment
- Security Consulting
- OWASP
- MITRE ATT&CK
- API Security
- Offensive Security
- Kali Linux
- Burp Suite
- Metasploit
- Nessus
- Python
- Ruby
- GXPN
- GPEN
- OSCP
- GWAPT
- IT
- Computer Science
- Engineering
- Math
How to get hired
- Tailor your resume: Highlight your 3-5 years of penetration testing experience and familiarity with offensive tools like Burp Suite and Metasploit. Emphasize your knowledge of OWASP Top 10 and MITRE ATT&CK.
- Showcase your expertise: Mention any offensive cybersecurity certifications (OSCP, GWAPT, etc.) and programming/scripting language proficiency (Python, Ruby) in your application.
- Demonstrate leadership: Detail any experience mentoring team members or sharing knowledge through blogs, webinars, or conferences.
- Prepare for interviews: Be ready to discuss your approach to web application penetration testing, your understanding of security frameworks, and your problem-solving skills.
- Research NetSPI: Understand their PTaaS model, AI-powered platform, and commitment to innovation and client success.
Technical preparation
Master OWASP Top 10 and MITRE ATT&CK.,Practice with Kali, Burp Suite, Metasploit.,Learn Windows, Linux, macOS internals.,Gain scripting skills in Python or Ruby.
Behavioral questions
Describe a complex web app vulnerability found.,How do you mentor junior penetration testers?,Explain your approach to client reporting.,How do you stay updated on new threats?
Frequently asked questions
- What are the key responsibilities for a Senior Security Consultant at NetSPI?
- As a Senior Security Consultant at NetSPI, you will conduct web application and API penetration tests, provide technical and QA oversight on engagements, mentor junior consultants, develop new testing methodologies, and deliver comprehensive reports to clients. You'll also contribute to NetSPI's products and processes.
- What technical skills and experience are essential for this Senior Security Consultant role at NetSPI?
- A Bachelor's degree in IT, Computer Science, or a related field (or equivalent experience) is required, along with 3-5 years of penetration testing experience. Essential technical skills include familiarity with offensive tools (Kali Linux, Burp Suite, Metasploit), understanding of OWASP Top 10, MITRE ATT&CK, and knowledge of Windows/Linux/macOS internals.
- Does NetSPI offer opportunities for professional development for Security Consultants?
- Yes, NetSPI encourages professional development. The role involves researching and developing innovative techniques, and experience mentoring team members or sharing knowledge externally through blogs, webinars, or conferences is valued. Preferred qualifications include offensive cybersecurity certifications.
- What is the expected travel for a Senior Security Consultant at NetSPI?
- The role requires willingness to travel up to 5-10%. This indicates that while the majority of the work is likely remote or client-site based, occasional travel for client engagements may be necessary.
- How does NetSPI ensure fair hiring practices for its Senior Security Consultant positions?
- NetSPI is an equal employment opportunity employer. All qualified applicants receive consideration without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. They also notify applicants of their rights under federal employment laws.
- What programming or scripting languages are beneficial for a Senior Security Consultant at NetSPI?
- While not strictly required, experience in programming or scripting languages such as Ruby, Python, Perl, C, C++, Java, and C# is considered a preferred qualification. This can be valuable for developing custom tools and automating tasks during penetration tests.
- What does NetSPI specialize in as a cybersecurity company?