Position: Sr. Offensive Security Consultant – Web App/API
Location: United States – Remote
Employment Type: Full Time
Pay Range: $130k-$160k /yr base salary depending on experience/expertise

Key Responsibilities
- Conduct web application and API penetration testing using a variety of manual methods, tools, and techniques
- Develop custom proof-of-concept exploits and tooling when automated or existing tools are insufficient
- Produce clear, comprehensive technical reports and executive summaries that outline vulnerabilities, business impact, and remediation guidance
- Stay current on emerging threats, TTPs, and cyber security trends
- Contribute to HALOCK's penetration testing framework, including deliverables, custom script development, testing methods and techniques, and ongoing research
- Participate in project kickoff and report delivery meetings
- Model professional standards in client-facing and internal communications, including being prepared, on time, and responsive during active engagements

Qualifications
- Minimum of 6-8 years of professional experience in hands-on manual web application and API penetration testing across a variety of technologies
- Strong knowledge of web application and API security testing tools
- Skills-based industry certification (e.g., OSWA, BSCP, ASCP, etc.)
- Demonstrated ability to develop custom tooling in Python, Bash, or similar
- Excellent ability to troubleshoot technical issues
- Exhibit extensive knowledge of industry standard penetration testing frameworks and methods (e.g., PTES, OWASP, MITRE ATT&CK)
- Strong organizational skills, including ability to deliver with minimal supervision
- Strong professionalism and speaking/writing skills
- Ability to multi-task without compromising deadlines and assignment expectations
- Basic project management competencies such as following process and protocol for project delivery, ability to identify project risks, project multitasking, and ability to self-manage when appropriate
- Ability to execute assessments as defined in project plans, within assigned budgets and due dates

Preferred / Nice to Have
- Previous experience conducting penetration testing in a consulting capacity
- Cross-discipline experience in areas such as network penetration testing, adversarial engagements, mobile application testing, and/or source code review
- Working knowledge of PCI DSS, HIPAA, and SOC 1/2, and the ability to translate offensive security findings into compliance-relevant risk and remediation guidance
- Formal education in Information Security, Information Technology, Computer Science, Engineering or related discipline
- Desire to contribute to HALOCK's blog and/or speak at industry conferences on occasion

HALOCK offers excellent compensation and benefits packages including competitive bonus potential, training and paid certification opportunities, paid time off, health, dental, 401(k), long-term disability, conference attendance, and more.

Disclosures
- HALOCK is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees.
- All candidates invited to interview will be required to sign a strict confidentiality and non-disclosure agreement.
- Full background checks are performed, with consent, on all successful candidates before employment offers can be extended.
- US citizens and Green Card holders, EAD and TN are encouraged to apply. We are unable to sponsor H1 candidates at this time.
- No 3rd parties please. Individuals only need apply.