Penetration Tester

Posted 3 Days Ago
Hiring Remotely in New York City, NY
In-Office or Remote
Junior
Cloud • Information Technology • Consulting • Cybersecurity • Data Privacy
An industry leader in cloud security and data privacy services.
The Role
The Penetration Tester will perform web application and API tests, validate bug reports, and support ongoing client communication. Role includes vulnerability research and development of testing methodologies.
Summary Generated by Built In

Role: Penetration Tester

Location: Remote - must be located in U.S.

About Rhymetec: 

Rhymetec is an industry leader in the MSSP cybersecurity space. Our goal is to simplify cybersecurity for our clients so they can become compliant faster and focus more on their business and less on the complexities of building effective and compliant infosec programs.

Description: 

We’re expanding our Offensive Security division and seeking a Penetration Tester to support client engagements, internal research, and offensive tool development. In this role, you’ll perform web application and API penetration tests, assist in validating bug bounty reports, and deliver PTaaS engagements with ongoing client communication and remediation support. Testing occurs in real-world environments, requiring both technical expertise and creative problem-solving. This position also offers opportunities to grow into mobile, cloud, and network testing, supported by a structured training and advancement framework.


Responsibilities: 

  • Validate and triage bug bounty submissions on behalf of clients, confirming exploitability, impact, and accuracy of findings before remediation.
  • Perform penetration testing engagements across web applications, web APIs, and related assets using OWASP WSTG and ASTG methodologies.
  • Participate in PTaaS (Penetration Testing as a Service) operations, conducting continuous assessments, validating new vulnerabilities, and maintaining open communication with clients regarding findings and remediation tracking.
  • Identify, exploit, and document vulnerabilities across a range of technologies, providing detailed explanations and actionable remediation steps.
  • Present and debrief findings to client engineering and security teams in clear, technically accurate language.
  • Contribute to ongoing vulnerability and threat intelligence research, including monitoring for new exploits, CVEs, and emerging attack trends.
  • Collaborate with offensive security professionals to refine testing methodologies, develop custom tooling, and enhance overall service quality.
  • Participate in structured training and mentorship programs, progressing through increasingly complex engagements.
  • Engage in Capture the Flag (CTF) competitions and attend cybersecurity conferences or workshops to continuously expand your technical expertise.
  • Grow into broader offensive domains, including:
    • Mobile penetration testing (iOS & Android)
    • Cloud penetration tests and configuration reviews (AWS, Azure, GCP)
    • Internal and external network penetration testing
    • Phishing and vishing (social engineering) campaigns

*Candidates with experience in any of these areas will have immediate opportunities to participate in related projects*

Qualifications:

Required Certifications - Candidates must hold at least one of the following certifications or an equivalent certification that demonstrates hands-on penetration testing skills:

  • OffSec Web Assessor (OSWA)
  • OffSec Web Expert (OSWE)
  • OffSec Certified Professional (OSCP or OSCP+)
  • Burp Suite Certified Practitioner (BSCP)
  • HTB Certified Web Exploitation Specialist (HTB CWES)
  • HTB Certified Web Exploitation Expert (HTB CWEE)
  • HTB Certified Bug Bounty Hunter (HTB CBBH)
  • Bachelor’s degree in computer science, information security, or related field.
  • 1-3 years of penetration testing experience.
  • Bachelor’s degree with relevant studies or an equivalent in experience. 
  • Demonstrated technical ability and hands-on experience weigh more than formal education.

Benefits: 

Rhymetec offers a robust employee package, including:

  • Supportive leadership and a clear growth path into senior-level penetration testing roles.
  • 100% of employee medical premiums covered by the employer, with discounted family insurance options
  • Dental and Vision Benefits
  • PTO and Sick Time + 11 paid Holidays
  • 401K retirement option
  • Company-paid Life Insurance
  • Annual Subscription to TalkSpace (online counseling & therapy service)

Compensation may vary outside of the range depending on several factors, including a candidate's qualifications, skills, competencies, experience, and location. Base pay is one part of the Total Package provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives.

Rhymetec is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Top Skills

API Testing
Cloud Testing
Network Testing
Offensive Security
OWASP
Web Application Testing

The Company
33 Employees
Year Founded: 2015

What We Do

At Rhymetec, our security experts have built and continue to manage over 250 SaaS-based companies' infosec and data privacy programs. We act as an extension of your team and leverage cutting-edge technologies to get customers compliant with frameworks like SOC 2, ISO 27001, HIPAA, GDPR/CCPA, and more in a much shorter timeframe. While most companies offer services for cybersecurity and data privacy OR consulting—Rhymetec offers both. We consult on developing a more effective infosec program within your unique environment and provide the services needed to achieve, improve and maintain a strong security posture.

Our mission is to reduce the complexities of cloud security, making forward-thinking cybersecurity services more accessible to SaaS-based startups. We're here to help you fast-forward your cybersecurity, compliance and data privacy programs.

To learn more, check out our managed vCISO (Virtual CISO), ISO Internal Audit, Penetration Testing, PCI Scanning and Phishing Testing & Training Services: Rhymetec.com

Why Work With Us

Rhymetec is a fully remote cybersecurity MSSP helping SaaS companies stay secure and compliant. We’re people-first: high ownership, flexible work, supportive teammates, and continuous learning. Your ideas ship, your impact is visible, and your growth is backed with mentorship, certifications, and client outcomes. Join us to shape modern security!

Rhymetec Offices

Remote Workspace

Employees work remotely.

Typical time on-site: None
United States
