← All Positions
Posted Mar 21, 2026

Penetration Testing Engineer - Network Security

Apply Now
The Penetration Testing Engineer – Network Security is a hands-on client facing offensive security role responsible for executing network, cloud, and adversary-emulation engagements under established methodologies. This role goes beyond point-in-time vulnerability testing and actively contributes to red team and purple team operations, including social engineering, attack-path validation, and defensive collaboration. Penetration Testing Engineers work closely with senior testers, red team leads, detection engineers, and clients to identify exploitable weaknesses, simulate real-world threat actor behavior, and validate security controls. This role is ideal for practitioners with a strong networking foundation who are ready to operate as adversaries while contributing to high-quality reporting and continuous improvement of testing capabilities. Typical Experience • 3–5 years of experience in IT, cybersecurity, or offensive security • Prior exposure to penetration testing, red team activities, SOC collaboration, or adversary emulation • Experience performing internal, external, or cloud network security assessments Core Responsibilities Network & Infrastructure Penetration Testing • Execute internal and external network penetration tests, including attack-path discovery and privilege escalation • Perform port scanning, service enumeration, and network mapping using industry-standard tools • Identify and validate misconfigurations, weak authentication, segmentation failures, and trust boundary issues • Assess on-prem and cloud network architectures (AWS, Azure, hybrid environments) Red Team & Purple Team Operations (Required) • Participate in red team engagements simulating real-world adversaries • Execute TTP-driven attacks aligned to frameworks such as MITRE ATT&CK • Support purple team exercises by collaborating with defensive teams to: • Validate detections • Tune alerts • Measure defensive coverage • Provide clear attacker-perspective feedback to blue teams and security leadership Social Engineering (Required) • Support and/or execute social engineering campaigns, including: • Phishing (email-based and credential harvesting) • Vishing and pretexting (as authorized) • Physical security testing support (where in scope) • Assist in campaign planning, execution, and ethical handling of sensitive data • Document social engineering outcomes with clear business and risk context Reporting & Communication • Draft clear, accurate technical findings with reproduction steps and evidence • Contribute to executive summaries that explain risk, impact, and attack feasibility • Communicate findings effectively to: • Technical teams • Defensive stakeholders • Non-technical leadership • Support remediation validation and re-testing activities Tooling & Continuous Improvement • Use and help improve offensive tooling, scripts, and testing infrastructure • Support automation efforts for discovery, enumeration, and validation • Continuously develop skills in network attacks, cloud security, and adversary techniques Technical Skills & Knowledge Required Technical Skills • Strong understanding of: • TCP/IP, routing, DNS, DHCP • Network segmentation and trust boundaries • Hands-on experience with: • Port scanning and enumeration (e.g., Nmap) • Vulnerability identification and validation • Familiarity with common network attack vectors: • Weak credentials • Misconfigured services • Excessive trust and lateral movement paths • Working knowledge of firewalls, VPNs (IPSec/SSL), and access controls • Basic scripting for automation (Bash, Python, or PowerShell) Cloud & Hybrid Environments • Navigating cloud platforms (AWS and/or Azure) • Understanding: • Security groups / NSGs • IAM users, roles, and policies • Storage services (S3, Blob Storage) • Identifying cloud-specific misconfigurations and exposure risk Red / Purple Team & Social Engineering Requirements This role requires demonstrated interest or experience in: • Adversary emulation and red team testing • Purple team collaboration with SOC and detection teams • Social engineering techniques and ethical execution • Translating attacker actions into defensive improvement opportunities Candidates should be motivated to think like attackers while improving organizational resilience. Soft Skills & Professional Expectations • Strong curiosity and desire to continuously improve offensive skills • Ability to accept feedback and iterate on findings and techniques • Professional judgment, ethical conduct, and respect for authorization boundaries • Clear written and verbal communication skills • Ability to collaborate effectively across offensive and defensive teams Certifications (Optional but Beneficial) While hands-on ability is prioritized, certifications that align with this role include: • Network or security fundamentals • Offensive security or red team–oriented certifications • Social engineering or adversary emulation training Who is Evolve Security? Evolve Security is a cybersecur Apply Now Apply Now
Apply Now

More Remote Jobs

Information Technology/Assurance (IT/IA) Specialist IllAug 26, 2025Remote Quality Assurance Manager - Precision Medicine - Dallas, TxApr 22, 2026Claims Examiner - Workers Comp (Remote) I Northeast JurisdictionsApr 9, 2026Immediate Hiring: Urgently Require SECONDARY ENGLISH LANGUAGEJun 24, 2025Customer Support RepresentativeSep 23, 2024Customer Support Specialist - HybridMar 10, 2025**Experienced Customer Service Remote Agent – Access-a-Ride Transportation Program Support**Oct 31, 2025Bilingual ChaplainApr 3, 2026RN Medical Oncology FTJul 16, 2025[Work From Home] Online Freelance Review WriterJun 24, 2025Software Engineer (Backend)Sep 7, 2025Analyst, Sales Operations (Remote- USA)Feb 3, 2026Manager Customer Insights & Data Analytics (remote)Jan 26, 2026CNA - Certified Nursing AssistantMar 23, 2025Spanish Bilingual Remote Customer Service RepresentativeJun 12, 2025