Penetration Testing Associate
About the Role
KirkpatrickPrice is a trusted security partner to organizations of all sizes and maturity levels. Our clients need experts who are experienced, patient, and communicate well: people who help them discover vulnerabilities and learn how to strengthen their defenses. We love empowering and inspiring our clients to effectively protect their most sensitive data.
We’re hiring a Penetration Testing Associate to keep our penetration testing program running smoothly behind the scenes. This hybrid role blends light hands-on technical work (maintaining scanning infrastructure, deploying test devices, running pre-scans) with project coordination (engagement kickoffs, client check-ins, scope validation, and onboarding).
It’s an ideal first role for someone early in their cybersecurity career who is detail-oriented, comfortable around Linux and networking concepts, and enjoys both technical tasks and working directly with people. You’ll partner closely with penetration testers and client success teams to make sure every engagement is set up correctly, on schedule, and within scope. We’ll provide documentation, mentorship, and on-the-job training, so prior professional experience is not required.
What You’ll Do
Infrastructure & Device Maintenance
- Perform weekly updates and health checks on all active testing devices, and maintain core testing tools and services on a recurring schedule, including scanners, VPNs, and supporting platforms.
- Manage cloud and hosted infrastructure (snapshots, backups, server maintenance), troubleshoot device update and connectivity issues over secure tunnels, and keep documentation and asset inventories accurate and current.
- Deploy and configure physical and virtual testing devices following established procedures, preparing them for shipment or remote setup with secure credential handoff.
- Provision new team members across penetration testing tools and platforms.
Vulnerability Scanning & Reporting
- Manage and perform vulnerability scanning for all clients: schedule and run scans, review and validate results, and deliver reports to clients.
Engagement Coordination & Scoping
- Set up project-tracking boards and coordinate kickoff and check-in calls, confirming network details, verifying pre-engagement questionnaires, resolving access issues, and scheduling pre-scan windows.
- Proactively follow up with clients to ensure pre-engagement tasks are completed accurately and on time, providing status updates and looping in testers for final confirmation.
- Confirm engagement targets against agreed scope and securely store credentials and device details in the team’s password manager.
- Run pre-scans ahead of testing weeks and compare results against scope to flag discrepancies before testing begins.
What We’re Looking For
Required
- Strong organizational skills and attention to detail, with reliable follow-through to track and chase down many moving pieces across multiple concurrent engagements.
- Clear, effective written and verbal communication; comfortable leading client-facing calls and keeping clients accountable for completing pre-engagement tasks on schedule.
- An IT or cybersecurity education or background: a degree, certifications, coursework, or equivalent hands-on experience in IT, cybersecurity, computer science, or a related field.
- Foundational familiarity with networking concepts (IP addressing, ports, VPNs, SSH) and Linux command-line environments.
- Ability to handle sensitive credentials and client information responsibly.
Preferred (Nice to Have)
- Internships, lab/home-lab experience, or industry certifications beyond the baseline requirement.
- Exposure to vulnerability scanners or vulnerability management platforms.
- Familiarity with cloud or hosted infrastructure.
- Interest in or exposure to offensive security, penetration testing, or red team tooling.
- Experience with project-tracking or collaboration tools.
Desired Characteristics
Character
- Possess an extreme level of integrity. The top 1% of wealth holders in America rate integrity as the #1 factor that explains economic success.
- Apply diligence to every engagement so that the client benefits the most.
- Passionate about helping clients understand and complete what’s needed to keep their testing on track.
- Strong desire to contribute to and learn from an open and collaborative team. Humility and contribution to the team are valued.
- Able to communicate clearly with both technical and non-technical audiences.
Skills Required
- Strong organizational skills and attention to detail
- Clear, effective written and verbal communication; comfortable leading client-facing calls
- IT or cybersecurity education or background (degree, certifications, coursework, or equivalent hands-on experience)
- Foundational familiarity with networking concepts (IP addressing, ports, VPNs) and Linux command-line environments
- Ability to handle sensitive credentials and client information responsibly
- Internships, lab/home-lab experience, or industry certifications beyond baseline
- Exposure to vulnerability scanners or vulnerability management platforms
- Familiarity with cloud or hosted infrastructure
- Interest in or exposure to offensive security, penetration testing, or red team tooling
- Experience with project-tracking or collaboration tools
What We Do
KirkpatrickPrice is a licensed information security CPA firm, a PCI QSA, and a HITRUST CSF Assessor, providing assurance services to over 2,000 clients worldwide. Registered with the PCAOB, KirkpatrickPrice has provided information security assurance through audits, assessments, and penetration testing that strengthen information security and compliance controls since 2005. KirkpatrickPrice clients rely on our firm to deliver compliance attestation services that effectively communicate their audit programs to their clients and stakeholders. These compliance reports provide assurance that an organization complies with state and federal regulations while protecting sensitive information. At KirkpatrickPrice, we make sure you receive quality testing so you can rest assured in your information security practices.
.png)






