Contract Penetration Testers

Remote - United States

Full Time Contract Mid-level / Intermediate
Defiant logo
Apply now Apply later

Posted 3 weeks ago

Defiant is a cybersecurity company that delivers the best threat protection for over 4 million WordPress sites. We are a 100% remote team, fast moving, nimble, and self managed.

We are looking for contract penetration testers to join our team for a short-term project of approximately 6 weeks in duration at a minimum of 20-30 hours per week.

You will be working with our Director of Information Security along side a small team that will be testing our network infrastructure and web applications to find security vulnerabilities that an attacker could exploit.

If security is your passion and you love doing CTFs in your spare time, then you're exactly who we want to talk to.


  • 5+ years of web application and network penetration testing experience.
  • At least 2 of the following OSCP, CEH, OSCE, GPEN, GWAPT, LPT and/or other equivalent certifications that are valid and not expired.
  • Experience with security and penetration testing tools, such as Metasploit, NMAP, Burpsuite or other various tools and vulnerability scanners.
  • Practical knowledge and experience with Linux operating systems, wordpress, wordpress plugins, API's, AWS architecture, RDS, Redis, Bash, Python, PHP, Laravel, Nginx and Apache.
  • Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement.
  • Familiar with the fundamentals of web applications including authentication, session management, requests, form submittal, etc.
  • Understanding and ability to exploit Cross Site Scripting, Authentication bypass/escalation, SQL injection, RCE and other common vulnerabilities.
  • Deep understanding of security fundamentals and common vulnerabilities (e.g. OWASP Top Ten).
  • Ability to create comprehensive details of findings and provide remedial recommendations after testing is complete to be compiled into the final report.
  • Thorough understanding of network protocols, data on the wire, and covert channels.
  • Excellent written and verbal communication skills.
  • Must be a creative and critical thinker. You have to think outside the box.
  • Highly motivated, deeply passionate and able to work with little oversight.
  • Ability to follow instructions and have attention to detail.
  • Previous Red or Purple team exercise experience desired.


  • Work remotely from wherever you have a secure internet connection
  • Work whatever hours are best for you (20-30 per week); could be a side gig
  • Diversity at Defiant

    We value diversity and do not discriminate based on race, color, religion or creed, national origin or ancestry, sex, age, physical or mental disability, military or veteran status, gender identity or expression, marital status, sexual orientation, political ideology, economic status, parental status, or any other non-performance-related status.

    Job tags: Architecture AWS BurpSuite CEH GPEN Linux Metasploit Military Nmap OSCE OSCP Penetration testing PHP Python TTPs Vulnerabilities
    Job region(s): North America Remote/Anywhere
    Job stats:  76  11  0
    • Share this job via
    • or

    More Information Security position highlights