Sr Penetration Tester na Trellance Inc

Description

The Senior Penetration Tester is responsible for leading and executing advanced offensive security assessments across a variety of environments including networks, applications, cloud platforms, and physical systems. This role requires a blend of deep technical expertise and strategic vision to help build and scale the penetration testing practice within the organization. The individual will collaborate with internal teams and external clients, mentor junior staff, and contribute to the development of methodologies, tooling, and service offerings. This position is ideal for someone who thrives in a hands-on role while also influencing the direction and growth of a core cybersecurity function.

ESSENTIAL FUNCTIONS:

• Perform penetration testing engagements across diverse environments (network, application, cloud, physical).
• Develop and maintain testing methodologies, tools, and reporting standards.
• Deliver detailed, actionable findings and remediation guidance to technical and non-technical stakeholders.
• Collaborate with clients and internal teams to define engagement scope and objectives.
• Stay current with emerging threats, vulnerabilities, and offensive security techniques.
• Mentor and train junior penetration testers.
• Assist in building and scaling the penetration testing practice:
  • Define service offerings and delivery models.
  • Establish operational processes and tooling.
  • Support business development and client engagement.
  • Contribute to hiring and team growth strategies.
• Perform other duties as assigned.

Requirements

POSITION REQUIREMENTS:

Minimum Education/Experience: Bachelor’s degree in Computer Science, Information Security, or a related field from an accredited college or university plus a minimum of 5 years of hands-on penetration testing experience; alternatively, a high school diploma or equivalent plus a minimum of ten (10) years of penetration testing experience 

Certifications: OSCP or GPEN is required. OSEP, OSCE, CRTP or CRT or equivalent advanced certifications are preferred. 

Company / Industry Knowledge: Experience working in or with cloud service providers, SaaS environments, or enterprise IT infrastructures. Prior experience in banking, credit union, or financial services industries is strongly preferred. Familiarity with regulatory frameworks and compliance standards (e.g., PCI-DSS, GLBA, FFIEC, NIST, ISO 27001).

SKILLS/ABILITIES

· Expertise in offensive security tools and techniques (e.g., Burp Suite, Metasploit, Cobalt Strike, Nessus, Nmap).

· Strong understanding of cloud platforms (AWS, Azure, GCP) and container security.

· Proficiency in scripting languages (Python, PowerShell, Bash).

· Familiarity with MITRE ATT&CK, OWASP Top 10, and CVSS scoring.

· Excellent communication and technical report-writing skills.

· Ability to lead engagements independently and manage multiple projects.

· Strong analytical and problem-solving skills.

· Ability to translate technical findings into business risk context.

· Prior experience in consulting or client-facing roles is highly desirable.

· Travel up to 10%.

Preferred Qualifications:

· Experience in red teaming or adversary simulation.

· Prior experience building or scaling a security practice.

· Experience contributing to business development or pre-sales efforts.

· Demonstrated leadership in cybersecurity communities or conferences.