Vivid Resourcing is hiring: Penetration Tester in Worcester

We are looking for a highly skilled Penetration Tester to join our cybersecurity team. In this role, you will simulate real-world cyberattacks to identify vulnerabilities in applications, systems, networks, and cloud environments. Your findings will help us strengthen our security posture and stay ahead of evolving threats.

You will be part of a collaborative offensive security team, working closely with security engineers, developers, and IT teams to ensure vulnerabilities are properly mitigated and business risks are minimized.

Key Responsibilities

• Perform black-box, gray-box, and white-box penetration tests against web applications, networks, APIs, mobile apps, and cloud environments.
• Develop and execute custom exploits or proof-of-concept attacks when needed.
• Identify and document vulnerabilities using tools such as Burp Suite, Metasploit, Nmap, Nessus, and manual testing techniques.
• Collaborate with development and infrastructure teams to validate and prioritize remediation efforts.
• Produce detailed, professional reports and debriefs that clearly communicate risks, impact, and mitigation strategies to technical and non-technical stakeholders.
• Conduct threat modeling and adversary simulation exercises (e.g., red teaming).
• Stay current on emerging threats, vulnerabilities, tools, and attack techniques (e.g., MITRE ATT&CK framework, OWASP Top 10).
• Participate in security assessments of new systems, third-party applications, or infrastructure before deployment.

Required Skills & Qualifications

• 2+ years of hands-on penetration testing or offensive security experience.
• Strong understanding of application security, network protocols, operating systems (Linux, Windows), and cloud environments (AWS, Azure, or GCP).
• Experience with common pentest tools: Burp Suite, Metasploit, Nmap, Wireshark, etc.
• Familiarity with scripting languages (Python, Bash, PowerShell, etc.).
• Understanding of CVSS scoring, vulnerability disclosure standards, and responsible reporting practices.
• Strong written and verbal communication skills.

Preferred Qualifications (Nice to Have)

• Experience with social engineering campaigns or physical security testing.
• Familiarity with DevSecOps or CI/CD pipelines from a security perspective.
• Experience in red teaming, purple teaming, or threat emulation frameworks.
• Knowledge of cloud-native security vulnerabilities and misconfigurations.

This range is provided by Vivid Resourcing. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range: $100.00/hr - $120.00/hr

Seniority level: Mid-Senior level

Employment type: Contract

Job function: Engineering and Information Technology

Industries: Hospitals and Health Care and IT System Testing and Evaluation