PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Sales Development Representative

Click the button below to apply for this position:

Apply Now

Position Overview

Working with PEN Consultants offers great flexibility and an opportunity to work with a company where God comes first, family second, and work third in everything we do. If you have grown tired of having to check your faith at the door, or having to sacrifice time with your family to meet unreasonable deadlines, you have come to the right place.

Below are some of the general opportunity details of working with us as a Sales Development Representative (SDR) selling Information and Cybersecurity Testing Services.

Basic Information

Short Summary

We are looking for highly qualified sales leads/referrals. There will be no need for the Sales Development Representative (SDR) to worry about contracts and closing the deal.

PEN Consultants provides the most competitively priced information and cybersecurity testing services on the market to help find weaknesses in clients’ systems before the criminals do. Some of our services include network and web app vulnerability scanning and assessments, penetration testing, red teaming, social engineering and phishing assessments, etc. - all of which are instrumental in protecting organizations against prevailing breaches and meet testing requirements found in various compliance regulations (PCI DSS, HIPAA, GDPR, SOC, etc.).

Unique Selling Point

Information and cybersecurity testing services are in high demand in the financial/banking, healthcare/medical, and IT industries. There is a growing market in retail, energy, legal services, and others. As the need for testing services grows in response to data and system breaches and compliance and regulatory requirements, many security testing firms are arising.

A growing number of these firms have deficiencies, including junior testers who lack the skills to perform thorough testing in a safe manner, offering limited guidance to clients because of their lack of experience, deceptive marketing practices, undisclosed testing methodologies, and secretive and high pricing.

PEN Consultants was created to specifically counter every one of those industry deficiencies:

  • Experience: We have over 20 years experience in cybersecurity, including 7 years in the government sector and 15 years in the private sector. From working as a system administrator for a school district, a vulnerability and exploitation analyst for the National Security Agency (NSA), to building and leading a Red Team at USAA, we have an unmatched combination of skills and experience.
  • Clarity: Our service descriptions and details are publicly posted. We don’t give unqualified service descriptions such as “penetration testing”.  Instead, we are very upfront about our process, providing details and exactly what is included in each service on our website. This is spelled out in even greater detail in each Statement of Work (SOW).
  • Real-time Notes: We are quite possibly the only testing firm that provides access to our live notes and real-time journal to ensure each client has the ability to see exactly what we are testing and which commands we are running in real-time. In our minds, transparency trumps perceived intellectual property.
  • Public Pricing: Although our final contract pricing can only be determined after an in-depth scoping call with a client, we, unlike nearly every other testing firm, publicly post our estimated pricing for our services based on a handful of parameters.
  • Price Match Guarantee: Also unique to PEN Consultants is a price match guarantee. We are so confident that our clients will not receive the same quality of testing at our price that we guarantee it with a price match guarantee. Clients must simply provide a recent SOW or estimate from a competitor that clearly documents the quality of testing being provided, and we will match the price! Note: This is not something we bring up with a client unless budget is mentioned.
  • Kingdom Focus: We are the only overtly Christian-owned and biblically-based pentest firm on the market, making us a great match for other like-minded organizations that require offensive security testing services - ex. banks and credit unions, technology companies storing client data and providing software and services, etc. Note: Although we are overt on our website, this is not something we would advertise on our company material, nor is it something we would bring up on a typical client phone call.  It could be useful information, though, when talking with other like-minded orgs.
  • Corporate Social Responsibility: We give 10% of every dollar we bring in from for-profit companies to charitable organizations we feel best represent our corporate values and social responsibility. Details:



Commission Details

No base salary will be provided. All SDRs work under a 1099 relationship, which provides all parties the most flexibility. 10% commission for leads + $2,500 (USD) bonus each quarter over $100,000 (USD) in new sales, paid on contracted and invoiced engagements from your initial lead. Plus residual commissions on all invoices within the first year from your initial lead.

Selling Method:

Telesales, Social Media, Face to Face, Affiliate Link, Appointment Setting, etc.


Our Industry

Information and cybersecurity testing services, information technology and services, computer and network security, etc.

Target Industries

Nearly all industries, including banking/FI, construction, video gaming, state/local government, health, higher ed, humanitarian, IT services, legal, manufacturing, non-profit, pharmaceutical, religious/faith-based, software, transportation, etc. See details here:

Products & Services

  • Vulnerability Scanning and Assessment Services
    • Web Application Vulnerability Scan
    • Network Vulnerability Scan
  • Security and Penetration Testing Services
    • Web Application Security Testing
    • Network Security Testing
    • Mobile Application Security Testing
    • Client-Side Application Security Testing
    • Wireless Security Testing
  • Specialized Services
    • Red Teaming Engagement
    • Phishing Assessment
    • Social Engineering Assessment

More details here:



Most typical testing is performed remotely, so could theoretically be performed anywhere and has been performed in regions around the world. Two notable caveats:

  • Some services would be cost-prohibitive to offer outside of the United States, or even potentially in the US, depending on how far they are from our location. Examples: Wireless Security Testing or any of the physical/on-site portions of red teaming, social engineering, or pentesting – all require travel to the client’s site, which is an additional fee.
  • There are some countries in which we can NOT provide services in, and others that require special handling. Details are at:

Minimum Experience Required

Existing sales experience and network.


About the opportunity

About our Services

PEN Consultants offers comprehensive cybersecurity testing services - traditional Vulnerability Scanning, Penetration Testing, and Red Teaming - to identify threats and vulnerabilities in client networks, apps, and software before the attacker does. In addition to our core services, we also offer customized services, the exact blend of which is driven by the unique needs of each of our clients.

By mimicking the actions of a hacker, we can uncover potential attack vectors (vulnerabilities, misconfigurations, detection gaps, etc.) that would greatly damage an organization by compromising its systems and data. But, unlike a hacker, we will perform the attacks with great care, in order to maintain confidentiality/integrity/availability of the data and systems, and provide an actionable plan for the client to protect their systems and data.

What we are looking for

We are looking for highly qualified sales leads/referrals. The target goal is about five solid introductions per month, not dozens/hundreds of semi-interested leads.

We need Sales Development Representatives (SDRs) who not only understand the benefits of security testing, but representatives who can also educate a prospective client on the need for our testing services. SDRs will need to match our services to client needs, provide prospective clients with estimated pricing, and then engage PEN Consultants for the scoping and contract phases. Because of the level of detail that goes into the scoping phase of a custom tailored engagement, there will be no need for a SDR to worry about contracts and closing the deal - we will take over the lead and the SDR can move on to the next lead.

Target Industries

In short, our services are applicable to nearly every industry and every organization size. Those listed below are the typical/common industries that have requested our services.

Some industries have regulatory and compliance requirements for our services, such as PCI DSS, HIPAA, GDPR, SOC, etc. Specific testing includes banking applications and networks, technology solutions (SaaS and PaaS), healthcare applications and networks, corporate networks of higher education, humanitarian organizations, law firms, manufacturing, pharmaceutical, transportation, video gaming, etc. Beyond governmental regulatory requirements, there are an increasing number of clients who are compelled by their customers to perform a certain level of testing and provide attestation.

More mature organizations have internal mandates and policies to hire outside testing firms to test the effectiveness of not only their prevention defenses, but also their detection and response capabilities. This gets more into the red teaming services we offer which would likely be beyond the scope and budget of smaller organizations. With that said, there is an increased focus on red teaming in the industry, and as such, smaller organizations are starting to budget for these services.

Target Job Titles

Example job titles of those that would be interested in, and understand the general need for our services, would include the following. It would also include those who work under/report to these positions. These are approximately in order of commonality:

  • CISO (Chief Information Security Officer)
  • CIO (Chief IT|Information Officer)
  • CSO (Chief Security Officer)
  • CTO (Chief Technology Officer)
  • VP|Director|Chief of Information Technology|Security|Assurance
  • VP|Director|Chief of Vulnerability Management
  • VP|Director|Chief of Cyber Risk Management
  • VP|Director|Chief of Internal Audit

Payment Terms

Sales Development Representative will be paid, in full, after contract (at time of invoice).

More about the opportunity


We are looking for highly qualified sales leads/referrals, nothing more.  This means that a Sales Development Representative's (SDR's) job is complete when they pass the lead/referral on to us.  It’s as simple as that!

No base salary will be provided. All SDRs work under a 1099 relationship, which provides all parties the most flexibility. Sales Development Representatives will receive 10% commission for referrals/leads + $2,500 (USD) bonus for each quarter in excess of $100,000 (USD) in new sales. All commissions/bonuses are paid on closed contracts from your initial sales lead and paid at time of invoice. We offer residual commissions on all invoices within the first year from the initial sales lead.

The number of system and data breaches increases every year. Periodic security testing is one of the most cited pillars of a good security program to defend against such breaches. The demand for this service is already high, and it is rapidly growing. Since PEN Consultants handles “closing the deal,” SDRs can move quickly onto the next lead. As a startup, we are looking for trusted sales partners who will embrace our core values and grow with us. 


Candidate MUST reside in: Australia, Austria, Belgium, Brunei, Bulgaria, Canada, Chile, Colombia, Croatia, Cyprus, Czech Republic, Denmark, Ecuador, Estonia, Finland, France, Germany, Greece, Hungary, India, Indonesia, Ireland, Israel, Italy, Japan, Latvia, Lithuania, Luxembourg, Malaysia, Malta, Mexico, Netherlands, New Zealand, Peru, Philippines, Poland, Portugal, Romania, Singapore, Slovakia, Slovenia, South Korea, Spain, Sri Lanka, Sweden, Thailand, Tonga, United Kingdom, or the United States.

The ideal candidate will be one who has an established sales process and portfolio of companies and services in which they are actively selling to an existing network of clients, or one who is starting to build this out. Given the current volume of our new sales, it may be difficult to make a living off of a sales commission from us alone.

Without question, a SDR must have a good, general understanding of the technology field and lingo, as well as the ability to quickly learn the specific lingo used in the information and cybersecurity testing area of this field. Ideally, the SDR would already have some level of knowledge about services, such as “penetration testing” and “red teaming,” even if it’s a quick-study before an initial phone call with us.

From our experience in working with other SDRs, and based on some ambiguity in the market with these terms, it is vital that terminology used during the sales process is consistent with what we have documented on our website and blog. One of the things that sets us apart from other firms is our strict adherence to precise definitions and our transparency with our clients in what service we are selling them. As an example, less than reputable, larger vendors are known to sell vulnerability scanning and assessment services as penetration testing. As such, it is imperative that a SDR understands these differences so a client is not misled.

Training and Support

PEN Consultants will provide the Sales Development Representative (SDR) with the training and knowledge needed to sell our services and provide estimated pricing (which is already published publicly). Although not required, we would encourage a SDR to stay engaged (as an observer) throughout the scoping and contract phases, as the level of detail covered in those phases would likely help one to understand our services better.

To date, our training and support have been ad hoc/as-needed. The SDRs we have interacted with have a general knowledge of the services and are already highly experienced SDRs in their own right. With that said, we will provide any reasonable amount of training that a SDR sees fit. Our view is, when you succeed, we succeed.

We would like to have a recurring monthly chat with the SDR, even if things are going great, to ensure we are providing everything possible to make the SDR successful.

We would also appreciate a SDR who is (politely) forthright with feedback to us about our processes, marketing, etc. Help us help you. If our messaging, at any stage, needs tweaking or changing in order to make your job easier, we want to know.