Penetration Testing Lead Engineer

Job Title: Penetration Testing Lead Engineer
Location: Kearney, Nebraska
Experience Required: 12+ Years
Employment Type: Contract
Interview Type: In-Person or Webcam

We are looking for an experienced Penetration Testing Lead Engineer to guide security testing initiatives and strengthen the organization's threat resilience. This role requires deep technical expertise in offensive security, the ability to lead complex penetration testing engagements, and strong communication skills to collaborate with technical and executive stakeholders. The ideal candidate will bring hands-on security assessment capabilities, manage vulnerability remediation processes, and mentor a team of ethical hackers and security analysts.

• Lead and execute penetration testing engagements across networks, applications, APIs, cloud environments, and infrastructure.

• Perform security assessments including threat modeling, vulnerability analysis, red team simulations, and social engineering activities.

• Develop detailed test plans, methodologies, and risk-based testing strategies.

• Identify security risks and vulnerabilities, providing clear recommendations and actionable remediation guidance.

• Work closely with engineering, IT, and DevSecOps teams to ensure identified risks are resolved and validated.

• Create and deliver detailed technical reports and executive-level summaries to non-technical stakeholders.

• Maintain up-to-date knowledge of emerging threats, exploit techniques, and zero-day vulnerabilities.

• Improve internal testing frameworks, tools, and processes to enhance organizational security maturity.

• Mentor and guide junior testers and security engineers.

• Ensure compliance with industry standards such as NIST, ISO, PCI-DSS, and regulatory frameworks.

• 12+ years of professional experience in penetration testing, ethical hacking, or offensive security roles.

• Strong hands-on experience with common penetration testing tools and frameworks (e.g., Burp Suite, Metasploit, Kali Linux, Nmap, Nessus, Wireshark, BloodHound).

• Expertise in web application and network security, cloud security testing, and vulnerability exploitation.

• Deep understanding of cybersecurity principles, networking, OS internals, and secure coding practices.

• Experience performing red team operations, adversarial simulations, or threat emulation exercises.

• Proficiency in scripting or programming languages such as Python, Bash, PowerShell, or JavaScript.

• Proven ability to develop professional penetration testing reports and communicate findings clearly.

• Relevant certifications such as OSCP, OSCE, OSEP, GPEN, GWAPT, CEH, or similar.

• Strong analytical, troubleshooting, and problem-solving skills.

• Ability to lead teams effectively in a collaborative environment.

• Experience working with cloud platforms such as AWS, Azure, or GCP from a security perspective.

• Background in cyber incident response and threat intelligence.

• Experience with CI/CD pipeline security and DevSecOps practices.

• Experience testing industrial control systems (ICS) or IoT security is a plus.