Penetration Tester

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

We are seeking a Penetration Tester to join our growing cybersecurity team. In this role, you will assess the security of applications, networks, and systems through structured penetration testing, vulnerability assessments, and red-teaming simulations. You will help identify weaknesses across diverse environments—with a specific focus on MacOS and Cloud ecosystems—document findings and provide actionable recommendations to strengthen clients’ security defenses.

• Conduct Advanced Penetration Tests: Perform comprehensive security assessments across cloud, network, and system environments.
• MacOS Application Testing: Execute specialized security evaluations of native MacOS applications to identify platform-specific vulnerabilities.
• Execute Red Teaming & Social Engineering: Go beyond standard assessments by simulating real-world adversary tactics and testing human security awareness through phishing and pretexting.
• Cloud Security Analysis: Evaluate and exploit vulnerabilities within AWS, GCP, or Azure environments to ensure robust cloud architecture.
• Identify and Document Vulnerabilities: Analyze findings, assess impact, and produce detailed reports with clear remediation recommendations.
• Collaborate on Remediation: Work with engineering and operations teams to validate fixes and strengthen overall system security.
• Develop Testing Tools and Methods: Create and refine scripts, tools, and methodologies to enhance testing accuracy and coverage.
• Own the Client Testing Experience: Serve as the primary technical point of contact for a portfolio of clients undergoing penetration testing engagements, building trusted relationships and ensuring every client feels informed, supported, and confident throughout the assessment process.
• Handle Sensitive Findings Professionally: Communicate critical vulnerabilities and complex technical concerns with urgency, discretion, and composure — providing solution-oriented guidance that reinforces trust and confidence.

• Support the Client Experience: Assist senior team members in maintaining strong client relationships by participating in communications, providing timely updates, and helping ensure clients feel informed throughout the engagement.
• Communicate Testing Activities Clearly: Help translate technical testing plans, findings, and remediation steps into clear, client-friendly language, ensuring transparency and understanding at all stages of the assessment.
• Collaborate with Clients During Engagements: Work alongside clients’ technical teams to gather required information, validate vulnerabilities, and support remediation efforts with a professional and cooperative approach.
• Contribute to Reporting and Deliverables: Prepare well-structured draft reports and documentation that clearly outline vulnerabilities, risks, and recommended fixes, aligning with client expectations and industry standards.
• Support Issue Resolution: Assist in addressing client questions and concerns during and after engagements, escalating more complex issues when needed while maintaining responsiveness and professionalism.
• Build Foundational Trust: Develop rapport with client stakeholders through reliability, attention to detail, and consistent follow-through on assigned tasks.
• Adapt to Client Needs: Learn to recognize varying client environments and communication styles, adjusting approach under guidance to ensure effective collaboration and service delivery.

• Proven Experience: Significant experience as a Penetration Tester with a track record of testing complex environments.
• Cloud Proficiency: Hands-on experience performing cloud security assessments (AWS, GCP, or Azure) is essential.
• MacOS Expert: You are a primary MacOS user with the technical proficiency to test and secure native MacOS applications.
• Red-Teaming Mindset: A strong interest or foundational knowledge in red-teaming methodologies, focusing on post-exploitation and lateral movement.
• Technical Toolkit: Proficiency with modern penetration testing tools, methodologies, and reporting standards.
• Trusted Advisor Mindset: You bring a consultative approach to client engagements, balancing technical depth with the interpersonal skills needed to build confidence and drive remediation.
• Documentation Skills: Excellent analytical and documentation skills, with the ability to explain complex technical risks to various stakeholders.
• Communication: Effective communication skills with fluency in written and spoken English.
• Certifications: Relevant certifications such as OSCP, CRTO, or cloud-specific security certs are preferred.

• Familiarity with compliance standards such as SOC 2, GDPR, or HIPAA.
• Experience working in a fast-paced technology or cybersecurity startup environment.
• Exposure to security awareness or employee training initiatives.

• Career Development: Clear path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
• Growth Opportunity: Early-stage company with significant room for career advancement.
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.

Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws.