Start the tester interview process (Phase 1) here

Working for PEN Consultants offers great flexibility and an opportunity to work in an environment where God comes first, family second, and work third in everything we do. If you have grown tired of having to check your faith at the door, or having to sacrifice time with your family to meet unreasonable deadlines, you have come to the right place.

Below are some of the general job details of working for us as a Consultant performing Security and Penetration Testing.

  • Job Description – Overview:
    • You will be performing some or all of the services you see on our services page – Vulnerability Scanning and Assessments, Network, Mobile and Application Penetration Testing, Red Teaming, etc.
    • In general, you will be hacking into client environments and then communicating with the client (via a report and debriefings) on steps they should take to defend against your activity.
  • What We Are Looking For:
    • Integrity: Clear background, high level of discretion, etc.
    • Curiosity: Willingness to explore and analyze threat scenarios in a variety of business settings
    • Self-learner: Research and troubleshooting skills
    • Mindset: Ability to “think evil”, like an attacker
    • Programming: Experience with at least one language (order of preference): Python, PowerShell, Visual Basic, Go, C#, JavaScript, C/C++, Java, etc. We prefer basic to intermediate programming skills in at least one language from each category: machine compiled, JIT, and scripting
    • Basic IT Knowledge – Windows, Linux, macOS, networking, OSI, etc.
    • Experience: At least some knowledge and experience with various IT/InfoSec/Cyber topics and technologies such as system and network administration, web and mobile apps, cloud, endpoint and network security, OWASP security principles, CIS Controls, etc. Any combination of employment or at-home experience. What you don’t know already, you are willing to learn.
    • Tools: Knowledge of “hacker” and security type tools such as Wireshark, Nmap, Metasploit, sqlmap, Aircrack-ng, Hydra/JTR/Hashcat, Nikto/wpscan/w3af, Burp, ZAP, Nessus, OpenVAS, and tools such as those in the Kali Linux distro.
    • Certifications: Not required, but preferred: OSCP/OSWE/OSCE, GPEN/GWAPT/GXPN, CEH/ECSA/LPT, CPT/CEPT/CEREA, or PenTest+
    • Bonus: Mobile development and analysis, cloud security, social engineering, vulnerability research, exploit and malware development, CLI experience in all three major OSs, penetration testing and red teaming, etc.
  • More details:
    • Status: All testing consultants start out working under a 1099 relationship, which provides all parties the most flexibility in matching testers-to-engagements. Additionally, it allows our consultants to hold other employment if they so choose. In fact, many of our consultants only work for us on a part-time basis, while maintaining other employment or personal businesses.
    • You choose your engagement: Each client engagement will be offered to consultants with the appropriate skill set, and in a round-robin type fashion. When offered, you choose if the details of the engagement (client, timeline, compensation, etc.) are agreeable, and accept or pass on the opportunity. You will never be forced to work for a client or under a set of restrictions in which you are not comfortable.
    • Flexible hours: You set your own hours! Caveat: There are often client-imposed deadlines or restrictions placed on testing times, but you will be provided those details prior to committing to an engagement, and you can determine on a case-by-case basis whether it is something that is compatible with your personal needs.
    • Remote: All work is remote, but it is limited to CONUS at this time. Once per year, we fly everyone into HQ for a weekend of face-to-face fellowship. From time to time, there may also be opportunities to travel to client sites, but that is optional.
    • Communication: You will be provided access to email, Slack, one-on-ones, etc.
    • Pay: Compensation is per-engagement, paid as a percentage of the contracted client cost. You can get a general idea of those costs on our services page. All newly hired testers will start out at 5% compensation (~$15/hr), and be required to prove themselves to move up. Someone coming in with a few years of experience can expect that compensation to increase by steps of 3% after each engagement, and to reach 20% compensation (~$60/hr) as soon as the sixth engagement. All consultants have the ability to earn up to a 26% compensation by taking on responsibility for a larger share of the overall engagement and becoming an expert in this field. Additionally, there are occasional opportunities to earn additional compensation outside of testing engagements (ex. setting up lab environments, assisting with marketing, sales, etc.). Finally, with anticipated growth, we also anticipate compensation increasing by the end of 2022.
    • Benefits: We offer no traditional benefits – health care, retirement, etc. – and that’s a great thing for you! If you don’t already understand this, you need to realize that for every take-it-or-leave-it benefit you are offered by a traditional employer, they reduce your compensation, whether you take the benefits or not. We believe in giving you your total compensation, and enabling you with the freedom to choose which benefits you may wish to pay for, which you don’t, which providers may best represent your values, etc. Once you are onboard, the team can help you navigate this area, and you will quickly realize how liberating this approach to benefits really is.
    • Missions: As stated, we are a biblically-centered and family-focused company. As such, we are in the early stages of launching a company-sponsored missions program in which we will organize, and pay for, missions trips for consultants and their families. Our goal is to be able to eventually sponsor both company-wide and individual-family missions trips. We believe providing these opportunities will not only further the spread of The Good News, but they will help us bond as a team.
    • Team Devotionals: Once per month, you’ll have the opportunity to join the entire team via Zoom for a 1-hr devotional, led by members of the team. This helps us keep our focus on kingdom things, provides a time of encouragement, and gives you the opportunity to periodically share with the team something God has put on your heart.
    • Taxing status: Unlike traditional/W-2 employment, your 1099 taxing status may enable you to reduce your income by claiming business expenses for anything related to this work – computer equipment, phone, home office, etc. (Note: You need to consult with your tax professional on the details.)
    • Covered costs: Although the consultant must provide their own computer system(s) for use during testing, PEN Consultants covers all other costs, including, but not limited to: testing software (ex. Burp, Nessus, etc.), special hardware (ex. mobile, wireless, etc.), 3rd-party services (ex. IaaS, developer accounts, etc.), liability insurance (although you may wish to have your own policy as well), travel (if needed), etc.
    • Testing materials: We provide all testing guides, boilerplate write-ups for your findings and recommendations, “tips & tricks” resources, etc.
    • Ownership, with Collaboration: We have strong negative feelings about the pentesting industry’s typical one-tester-per-engagement and exclusionary practices which can be impersonal and isolating. We believe that collaborating as often as is possible, practical, and beneficial is the best approach to ensure the highest quality Services rendered for our clients. Although you may be assigned to lead and own a particular client engagement, there will always be one, or more, other consultants assisting you in areas in which they are strong and simply as a peer review to ensure thoroughness. That is something that goes both ways – be open to giving and receiving peer collaboration. All consultants are expected to freely give of their time to “teach” others as well as be open to “learn” from others. We say at least 10% is a good goal to have when giving of your time.
    • Proprietary & Intellectual Property: One of the things that is frustrating to employees of traditional companies is that all works they create (ex. software), even “on personal time”, is considered company-owned intellectual property. We reject that business philosophy. We strongly believe that a consultant should receive credit for, maintain ownership of, and benefit from his/her creations, even those performed during Services rendered for us. Caveat: We must also balance that with our business needs, and, in some cases, work-for-hire type restrictions imposed by a client. There are specific guidelines for this, which you will see during onboarding. Suffice it to say, we encourage you to retain ownership of your work whenever possible – you made it, you should own it.
    • System Security: The system(s) you use for testing must adhere to the highest level of security practical – isolation, patching/config management, FDE, passwords, MFA, audit logs, etc. More details will be provided during onboarding.
    • Conflict of Interest: You should carefully consider any conflicts of interest you may have. This is especially true for those who may maintain other employment.
    • Code of Conduct: Only the utmost professional and moral candidates need apply. We do not tolerate inappropriate professional conduct including, but not limited to: discriminatory comments, harassment, cursing, being uncooperative, disrespectful, unlawful activity, being under the influence of any “mind-altering substance” (ex. alcohol, illicit drugs, certain prescription drugs, etc.) during Services rendered, etc.
