Working for PEN Consultants offers great flexibility and an opportunity to work in an environment where God comes first, family second, and work third in everything we do. If you have grown tired of having to check your faith at the door, or having to sacrifice time with your family to meet unreasonable deadlines, you have come to the right place.
Below are some of the general job details of working for us as an Offensive Security Tester performing Security and Penetration Testing, Red Teaming, Social Engineering, etc.
Job Description – Overview:
- You will perform some or all of the services you see on our services page – Vulnerability Scanning and Assessments, Network, Mobile and Application Penetration Testing, Red Teaming, etc.
- In general, you will be hacking into client environments and then communicating with the client (via a report and debriefings) on steps they should take to defend against your activity.
- You’ll take ownership of most of the engagement life cycle: performing testing, ensuring testing is completed to a documented standard, closing it out, overseeing more junior testers, etc. Preferably also handling the scoping, ensuring the client is prepared for testing (via kick-off requests/RFCs), client assistance with mitigation and detection efforts, providing client training, etc.
What We Are Looking For:
- Integrity: Clear background, high level of discretion, etc.
- Curiosity: Willingness to explore and analyze threat scenarios in a variety of business settings
- Self-learner: Research and troubleshooting skills
- Mindset: Ability to “think evil”, like an attacker
- Workflow: A healthy balance of following testing guides/standards (to ensure coverage) and chasing rabbits off the path (where others before you have missed)
- Independent & Collaborative: Able to work independently, but able to collaborate (giving and receiving help) as-needed. Must have the ability to complete an entire engagement without assistance (in a worst case-scenario), while simultaneously mentoring a more junior tester.
- Certifications: Not required, but preferred (in order of preference): PNPT (best), Burp Suite Certified Practitioner (best), OSCP/OSWE/OSCE, GPEN/GWAPT/GXPN, CEH/ECSA/LPT, CPT/CEPT/CEREA, or PenTest+
- IT Knowledge: Intermediate to advanced skills in Windows, Linux, macOS, networking, OSI, etc., with system administration and CLI experience in at least Windows and a Unix/Linux based OS.
- Experience: Knowledge and work experience with various IT/InfoSec/Cyber topics and technologies such as system and network administration, web and mobile apps, cloud, endpoint and network security, OWASP security principles, CIS Controls, etc. You’ll need to have most, if not all, of this knowledge coming in, in addition to 3+ years of actual penetration testing or red teaming experience on the job.
- Note: The following does not qualify as pentesting/red teaming experience: Bug bounty, vulnerability scanning or management, compliance auditing, CTFs, hack-the-box type environments, college degrees, certifications, etc. Although those are great entry-level experiences, but they do not enable you to hit-the-ground-running as an independent tester.
- Tools: Experience with “hacker” and security type tools such as Wireshark, Nmap, Metasploit, sqlmap, Aircrack-ng, Hydra/JTR/Hashcat, Nikto/wpscan/w3af, Burp, ZAP, Nessus, OpenVAS, and tools such as those in the Kali Linux distro. Must have enough experience to be able to describe at least basic parameters and options from memory.
- Preferred: Mobile development and analysis, cloud security, social engineering, vulnerability research, exploit and malware development, etc.
- Status: All testing consultants start out working under a 1099 relationship, which provides all parties the most flexibility in matching testers-to-engagements. Additionally, it allows our consultants to hold other employment if they so choose. In fact, some of our consultants only work for us on a part-time basis, while maintaining other employment or personal businesses. Note 1: Openings advertised as “full-time” require 35+ hours for a typical week; part-time requires at least 20 hours per week. Note 2: We cannot accept applicants who plan to work for or own a company offering offensive security testing services while working with us.
- You choose your engagement: Each client engagement will be offered to consultants with the appropriate skill set, and in a round-robin type fashion. When offered, you choose if the details of the engagement (client, timeline, compensation, etc.) are agreeable, and accept or pass on the opportunity. You will never be forced to work for a client or under a set of restrictions in which you are not comfortable.
- Flexible hours: You set your own hours! Caveat: There are often client-imposed deadlines or restrictions placed on testing times, but you will be provided those details prior to committing to an engagement, and you can determine on a case-by-case basis whether it is something that is compatible with you.
- Remote / Travel: All work is remote, but it is limited to CONUS (Continental United States) at this time. Once per year, we fly everyone into HQ for a weekend of face-to-face fellowship. From time to time, there may also be opportunities to travel to client sites, but that is optional.
- Communication: You will be provided access to email, Slack, one-on-ones, etc.
- Pay: We pay up to $177k a year (at 40hrs/week), with an option for overtime. Compensation is per-engagement, paid as a percentage of the contracted client cost. You can get a general idea of those costs on our services page. All newly hired testers without experience (i.e. entry-level) will start out at 5% compensation (~$20/hr) and are required to prove themselves to move up. Someone coming in with a few years of experience can expect that compensation to start off higher. In all cases, there is potential for compensation to increase after each engagement, and be to 20% (~$82/hr) as soon as the sixth engagement. All consultants have the ability to earn additional compensation by taking on responsibility for a larger share of the overall engagement and becoming an expert in this field. Additionally, there are occasional opportunities to earn additional compensation outside of testing engagements (ex. setting up lab environments, assisting with marketing, sales, technical services oversight, etc.).
- Bonuses: Once per year, we take a percentage of the profits and distribute it proportionally among all team members, based on hours worked for the year.
- Benefits: We offer no traditional benefits – health care, retirement, etc. – and that’s a great thing for you! If you don’t already understand this, you need to realize that for every take-it-or-leave-it benefit you are offered by a traditional employer, they reduce your compensation, whether you take the benefits or not. We believe in giving you your total compensation, and giving you the freedom to choose which benefits you wish to pay for, which you don’t, which providers may best represent your values, etc. Once you are onboard, the team can help you navigate this area, and you will quickly realize how liberating this approach to benefits really is.
- Missions: As stated, we are a Biblically-centered and family-focused company. As such, we are in the early stages of launching a company-sponsored missions program in which we will organize, and pay for, missions trips for consultants and their families. Our goal is to be able to eventually sponsor both company-wide and individual-family missions trips. We believe providing these opportunities will not only further the spread of The Good News, but they will help us bond as a team.
- Team Devotionals: Once per month, you’ll have the opportunity to join the entire team via Zoom for a 1-hr devotional, led by members of the team. This helps us keep our focus on kingdom things, provides a time of encouragement, and gives you the opportunity to periodically share with the team something God has put on your heart.
- Taxing status: Unlike traditional/W-2 employment, your 1099 taxing status may enable you to reduce your income by claiming business expenses for anything related to this work – computer equipment, phone, home office, etc. (Note: You need to consult with your tax professional on the details.)
- Covered costs: Although the consultant must provide their own computer system(s) for use during testing, PEN Consultants covers all other costs, including, but not limited to: testing software (ex. Burp, Nessus, etc.), special hardware (ex. mobile, wireless, etc.), 3rd-party services (ex. IaaS, developer accounts, etc.), liability insurance (although you may wish to have your own policy as well), travel (if needed), etc.
- Testing materials: We provide all testing guides, boilerplate write-ups for your findings and recommendations, “tips & tricks” resources, etc.
- Ownership, with Collaboration: We have strong negative feelings about the pentesting industry’s typical one-tester-per-engagement and exclusionary practices which can be impersonal and isolating. We believe that collaborating as often as is possible, practical, and beneficial is the best approach to ensure the highest quality Services rendered for our clients. Although you may be assigned to lead and own a particular client engagement, there will always be one, or more, other consultants assisting you in areas in which they are strong and simply as a peer review to ensure thoroughness. All consultants are expected to freely give of their time to “teach” others as well as be open to “learn” from others.
- Proprietary & Intellectual Property: One thing that frustrates employees of traditional companies is that all works they create (ex. software), even “on personal time”, is considered company-owned intellectual property. We reject that business philosophy. We strongly believe that a consultant should receive credit for, maintain ownership of, and benefit from his/her creations, even those performed during Services rendered for us. Caveat: We must also balance that with our business needs, and, in some cases, work-for-hire type restrictions imposed by a client. There are specific guidelines for this, which you will see during onboarding. Suffice it to say, we encourage you to retain ownership of your work whenever possible – you made it, you should own it.
- System Security: The system(s) you use for testing must adhere to the highest level of security – isolation, patching/config management, FDE, passwords, MFA, audit logs, etc. More details will be provided during onboarding.
- Conflict of Interest: You should carefully consider any conflicts of interest you may have. This is especially true for those who may maintain other employment.
- Code of Conduct: Only the utmost professional and moral candidates need apply. We do not tolerate inappropriate professional conduct including, but not limited to: discriminatory comments, harassment, cursing, being uncooperative, disrespectful, unlawful activity, being under the influence of any “mind-altering substance” (ex. alcohol, illicit drugs, certain prescription drugs, etc.) during Services rendered, etc.