[Remote] Security Consultant II (Thick Client Penetration Tester)

Note:The job is a remote job and is open to candidates in USA. NetSPI is a leader in Penetration Testing as a Service (PTaaS) and is seeking a skilled Security Consultant II to join their team. The role involves conducting thorough security assessments, identifying vulnerabilities, and providing expert recommendations to enhance clients' security posture, particularly focusing on thick client penetration testing. Responsibilities• Conduct penetration testing engagements on below service line independently:• Thick Application Penetration Testing• Includes Web Application Penetration (WaPen) testing.• Occasionally includes Mobile (MaPen) and IOT/embedded penetration testing. • Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture. • Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes• Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations.Skills• Bachelor’s degree or higher required, with a concentration in Computer Science, Engineering, Math, or IT preferred, or equivalent experience• Minimum of 3-4 years of work experience in Thick Application Penetration Testing for applications written in Java, C#, C, C++, Swift, Rust, etc. code• Includes experience with offensive toolkits used in web application penetration testing• Experience with disassemblers and debuggers like WinDbg, IDA, Ghidra, etc. • Experience with dynamic instrumentation toolkits like Frida• Familiarity with offensive tools (e.g., Kali Linux, Burp Suite, Metasploit, Nessus)• Familiarity with offensive and defensive IT concepts and protocols• Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks• Working knowledge of Windows, Linux and MacOS operating systems internals• Ability to work independently and as part of a team• Proficient communication skills, both written and verbal• This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs• Experience performing fuzz testing• Ability to reverse engineer proprietary application layer protocols• Experience with IOT/embedded penetration testing• Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#)• Offensive Security Certifications (e.g., GWAPT, GPEN, GXPN, OSWE, OSCP, OSCE)Company Overview• NetSPI is a cybersecurity company that offers enterprise security testing and attack surface management services.It was founded in 2001, and is headquartered in Minneapolis, Minnesota, USA, with a workforce of 501-1000 employees. Its website isCompany H1B Sponsorship• NetSPI has a track record of offering H1B sponsorships, with 1 in 2025, 3 in 2024, 1 in 2023, 2 in 2022, 5 in 2021, 5 in 2020. Please note that this does not guarantee sponsorship for this specific role. Apply tot his job