
Penetration Tester

Full-Time

New Gloucester, ME, Remote, or Hybrid

About the Role

We are seeking an experienced and highly skilled Penetration Tester to join our cybersecurity team. In this role, you will conduct comprehensive security assessments across internal, external, and cloud environments, including networks, applications, APIs, and supporting infrastructure.

You will identify vulnerabilities, simulate real-world attack scenarios, and provide actionable remediation guidance to clients.

This position is critical to helping organizations strengthen their overall security posture and protect sensitive data against evolving threats.

What You'll Do

  • Perform manual and automated penetration tests across internal networks, external-facing systems, web and mobile applications, APIs, and supporting infrastructure.

  • Conduct OSINT-based discovery and asset validation as part of engagement scoping.

  • Identify, exploit, and document vulnerabilities in line with industry standards such as OWASP Top 10, MITRE ATT&CK, and other relevant frameworks.

  • Simulate real-world attack scenarios to assess security posture across multiple environments.

  • Produce detailed technical reports and executive summaries with clear risk ratings and remediation steps.

  • Validate fixes for previously identified vulnerabilities and perform regression testing.

  • Stay current on emerging attack techniques, vulnerabilities, and industry trends.

  • Collaborate with client teams to provide remediation guidance and security best practices.

  • Ensure compliance with applicable regulations and frameworks (e.g., PCI-DSS, HIPAA, GDPR).

What We're Looking For

  • 3–5+ years of hands-on penetration testing experience across internal networks, external systems, web/mobile applications, and APIs.

  • Strong knowledge of network security, application security, and common attack vectors.

  • Proficiency with tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, MobSF, and other industry-standard frameworks.

  • Experience with Active Directory assessments, privilege escalation techniques, and lateral movement in internal environments.

  • Solid understanding of authentication mechanisms (OAuth2, JWT, SSO), encryption, and secure coding practices.

  • Familiarity with CI/CD pipelines and integrating security testing tools.

  • Excellent report writing and communication skills for technical and non-technical audiences.

Preferred Qualifications

  • Certifications such as OSCP, OSEP, OSWA, OSWE, HTB CPTS, HTB CWES.

  • Experience testing and remediating diverse environments, including cloud platforms (AWS, GCP, Azure).

  • Scripting and automation skills (Python, Bash, PowerShell).

  • Understanding of regulatory and compliance requirements (PCI-DSS, HIPAA, GDPR).

Soft Skills

  • Strong analytical and problem-solving abilities.

  • Ability to think creatively and simulate real-world attack scenarios across multiple environments.

  • Collaborative mindset and willingness to mentor junior team members.

Why Join Us?

At Deer Brook, you’ll join a collaborative, forward-thinking technology team that values innovation, creativity, and continuous improvement.

We offer access to future-ready tools and technologies, including AI development platforms, along with opportunities for professional growth in both technical and business domains.

Our flexible work environment, comprehensive benefits, and competitive compensation support your success while you contribute to impactful projects, grow alongside a supportive team, and thrive in a culture rooted in respect, integrity, and innovation.

About Deer Brook

Apply Now

Ready to apply?

Send your resume directly to our team now at careers@deer-brook.com.
