
Penetration Tester

Full-Time or Contract

New Gloucester, ME, Remote, or Hybrid

About the Role

We are seeking an experienced and highly skilled Penetration Tester to join our cybersecurity team. In this role, you will conduct comprehensive security assessments across internal, external, and cloud environments, including networks, applications, APIs, and supporting infrastructure. You will identify vulnerabilities, simulate real-world attack scenarios, and provide actionable remediation guidance to clients. This position is critical to helping organizations strengthen their overall security posture and protect sensitive data against evolving threats.

Responsibilities

  • Perform manual and automated penetration tests across internal networks, external-facing systems, web and mobile applications, APIs, and supporting infrastructure.
  • Conduct OSINT-based discovery and asset validation as part of engagement scoping.
  • Identify, exploit, and document vulnerabilities in line with industry standards such as OWASP Top 10, MITRE ATT&CK, and other relevant frameworks.
  • Simulate real-world attack scenarios to assess security posture across multiple environments.
  • Produce detailed technical reports and executive summaries with clear risk ratings and remediation steps.
  • Validate fixes for previously identified vulnerabilities and perform regression testing.
  • Stay current on emerging attack techniques, vulnerabilities, and industry trends.
  • Collaborate with client teams to provide remediation guidance and security best practices.
  • Ensure compliance with applicable regulations and frameworks (e.g., PCI-DSS, HIPAA, GDPR).

Qualifications

  • 3–5+ years of hands-on penetration testing experience across internal networks, external systems, web/mobile applications, and APIs.
  • Strong knowledge of network security, application security, and common attack vectors.
  • Proficiency with tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, MobSF, and other industry-standard frameworks.
  • Experience with Active Directory assessments, privilege escalation techniques, and lateral movement in internal environments.
  • Solid understanding of authentication mechanisms (OAuth2, JWT, SSO), encryption, and secure coding practices.
  • Familiarity with CI/CD pipelines and integrating security testing tools.
  • Excellent report writing and communication skills for technical and non-technical audiences.

Nice-to-Haves

  • Certifications such as OSCP, OSEP, OSWA, OSWE, HTB CPTS, HTB CWES.
  • Experience testing and remediating diverse environments, including cloud platforms (AWS, GCP, Azure).
  • Scripting and automation skills (Python, Bash, PowerShell).
  • Understanding of regulatory and compliance requirements (PCI-DSS, HIPAA, GDPR).

Soft Skills

  • Strong analytical and problem-solving abilities.
  • Ability to think creatively and simulate real-world attack scenarios across multiple environments.
  • Collaborative mindset and willingness to mentor junior team members.

About Deer Brook

Deer Brook Consulting is a trusted partner in information security, privacy, and technology. At the crossroads of business, cyber, and IT, we specialize in empowering organizations to achieve their goals faster and more effectively. Whether our customers are in Higher Education, Government Services, Banking and Finance, or need support with Cyber Security, DIB, CMMC, or DFARS Compliance, we provide solutions tailored specifically for their needs.

Equal Opportunity Employer Statement

Deer Brook is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other status protected by applicable law.

Apply Now

Ready to apply?

Send your resume directly to our team now at careers@deer-brook.com.