Penetration Testing Engineer - Network Security
The Penetration Testing Engineer – Network Security is a hands-on client facing offensive security role responsible for executing network, cloud, and adversary-emulation engagements under established methodologies. This role goes beyond point-in-time vulnerability testing and actively contributes to red team and purple team operations, including social engineering, attack-path validation, and defensive collaboration. Penetration Testing Engineers work closely with senior testers, red team leads, detection engineers, and clients to identify exploitable weaknesses, simulate real-world threat actor behavior, and validate security controls. This role is ideal for practitioners with a strong networking foundation who are ready to operate as adversaries while contributing to high-quality reporting and continuous improvement of testing capabilities. Typical Experience
- 3–5 years of experience in IT, cybersecurity, or offensive security
- Prior exposure to penetration testing, red team activities, SOC collaboration, or adversary emulation
- Experience performing internal, external, or cloud network security assessments Core Responsibilities Network & Infrastructure Penetration Testing
- Execute internal and external network penetration tests, including attack-path discovery and privilege escalation
- Perform port scanning, service enumeration, and network mapping using industry-standard tools
- Identify and validate misconfigurations, weak authentication, segmentation failures, and trust boundary issues
- Assess on-prem and cloud network architectures (AWS, Azure, hybrid environments) Red Team & Purple Team Operations (Required)
- Participate in red team engagements simulating real-world adversaries
- Execute TTP-driven attacks aligned to frameworks such as MITRE ATT&CK
- Support purple team exercises by collaborating with defensive teams to:
- Validate detections
- Tune alerts
- Measure defensive coverage
- Provide clear attacker-perspective feedback to blue teams and security leadership Social Engineering (Required)
- Support and/or execute social engineering campaigns, including:
- Phishing (email-based and credential harvesting)
- Vishing and pretexting (as authorized)
- Physical security testing support (where in scope)
- Assist in campaign planning, execution, and ethical handling of sensitive data
- Document social engineering outcomes with clear business and risk context Reporting & Communication
- Draft clear, accurate technical findings with reproduction steps and evidence
- Contribute to executive summaries that explain risk, impact, and attack feasibility
- Communicate findings effectively to:
- Technical teams
- Defensive stakeholders
- Non-technical leadership
- Support remediation validation and re-testing activities Tooling & Continuous Improvement
- Use and help improve offensive tooling, scripts, and testing infrastructure
- Support automation efforts for discovery, enumeration, and validation
- Continuously develop skills in network attacks, cloud security, and adversary techniques Technical Skills & Knowledge Required Technical Skills
- Strong understanding of:
- TCP/IP, routing, DNS, DHCP
- Network segmentation and trust boundaries
- Hands-on experience with:
- Port scanning and enumeration (e.g., Nmap)
- Vulnerability identification and validation
- Familiarity with common network attack vectors:
- Weak credentials
- Misconfigured services
- Excessive trust and lateral movement paths
- Working knowledge of firewalls, VPNs (IPSec/SSL), and access controls
- Basic scripting for automation (Bash, Python, or PowerShell) Cloud & Hybrid Environments
- Navigating cloud platforms (AWS and/or Azure)
- Understanding:
- Security groups / NSGs
- IAM users, roles, and policies
- Storage services (S3, Blob Storage)
- Identifying cloud-specific misconfigurations and exposure risk Red / Purple Team & Social Engineering Requirements This role requires demonstrated interest or experience in:
- Adversary emulation and red team testing
- Purple team collaboration with SOC and detection teams
- Social engineering techniques and ethical execution
- Translating attacker actions into defensive improvement opportunities Candidates should be motivated to think like attackers while improving organizational resilience. Soft Skills & Professional Expectations
- Strong curiosity and desire to continuously improve offensive skills
- Ability to accept feedback and iterate on findings and techniques
- Professional judgment, ethical conduct, and respect for authorization boundaries
- Clear written and verbal communication skills
- Ability to collaborate effectively across offensive and defensive teams Certifications (Optional but Beneficial) While hands-on ability is prioritized, certifications that align with this role include:
- Network or security fundamentals
- Offensive security or red team–oriented certifications
- Social engineering or adversary emulation training Who is Evolve Security? Evolve Security is a cybersecur
Apply tot his job Apply To this Job