This job has expired
This position was posted on October 11, 2025 and is likely no longer accepting applications. It is kept here for historical reference.

Job Overview
Location
Remote
Job Type
Full-time
Category
Software Engineering
Date Posted
October 11, 2025
Full Job Description
📋 Description
- Join Insight Assurance as a Pentesting Ethical Hacker and become the last line of defense for more than 1,200 organizations that rely on us for SOC 2, PCI DSS, ISO 27001, and HIPAA compliance. You will simulate real-world attacks on cloud, on-prem, and hybrid environments to uncover vulnerabilities before malicious actors do.
- Plan and execute end-to-end penetration tests, from scoping and rules of engagement to post-exploitation reporting, across web, mobile, API, network, and wireless attack surfaces. Each engagement is tailored to the client's unique risk profile, regulatory obligations, and business objectives.
- Translate complex technical findings into executive-ready narratives that help CFOs, CISOs, and audit committees understand risk in dollars, downtime, and reputational impact. Your reports will directly influence remediation priorities and future security investments.
- Work hand-in-hand with our licensed CPA, PCI QSA, and ISO 27001 certification teams to ensure that pen-test evidence maps cleanly to control requirements. This cross-functional collaboration shortens audit cycles and gives clients a single, unified compliance experience.
- Leverage both automated and manual techniques: run Nessus, Burp, Metasploit, and custom scripts, but also perform targeted manual testing to uncover logic flaws, privilege-escalation chains, and business-process weaknesses that scanners miss.
- Maintain a living knowledge base of emerging threats, CVEs, and exploit chains. You will curate this intel into playbooks that junior consultants and clients can reuse, raising the security maturity of the entire Insight Assurance ecosystem.
- Contribute to red-team and purple-team exercises for enterprise clients who want to test detection and response capabilities. Your adversarial mindset will help SOC analysts fine-tune alerts and validate incident-response runbooks.
- Champion responsible disclosure by coordinating with vendors and upstream maintainers when zero-days are discovered. Insight Assurance's reputation for ethical hacking is a cornerstone of client trust, and you will be its public face at conferences, webinars, and threat-intel briefings.
- Automate repetitive tasks in Python, Go, or Bash to accelerate testing cycles and free up time for creative, high-value exploitation. Your scripts will be peer-reviewed, version-controlled, and shared internally to scale the team's impact.
- Mentor junior testers and run monthly "lunch-and-learn" sessions on topics like OAuth bypasses, container escape techniques, or mainframe pen-testing. Your teaching moments will shape the next generation of ethical hackers at Insight Assurance.
- Track billable hours, risk ratings, and remediation timelines inside Jira and Salesforce so that clients receive real-time dashboards. This transparency turns pen-testing from a point-in-time snapshot into an ongoing security dialogue.
- Uphold the rigor of a former Big-4 culture (documentation, peer review, and quality assurance) while enjoying the agility of a remote-first startup. Every test you deliver carries the Insight Assurance brand, so precision and clarity are non-negotiable.
🎯 Requirements
- 3+ years of hands-on penetration testing experience across web, network, and cloud environments, backed by OSCP, GPEN, GWAPT, or equivalent certification
- Demonstrated ability to translate technical vulnerabilities into business risk narratives for executive stakeholders
- Proficiency with standard pen-testing toolkits (Burp Suite Pro, Metasploit, Nmap, Nessus, BloodHound) and scripting languages (Python, Bash, or PowerShell)
- Deep understanding of compliance frameworks such as SOC 2, PCI DSS, ISO 27001, and HIPAA, including how pen-test findings map to specific control objectives
- Strong written and verbal communication skills; comfortable presenting to both technical teams and C-suite audiences
- U.S. work authorization and ability to pass a background check; occasional domestic travel for on-site testing may be required
🏖️ Benefits
- 100% remote-first culture with flexible hours and a quarterly stipend for home-office upgrades
- Annual training and certification budget up to $5,000 plus five paid study days for advanced courses (e.g., OSCE, CRTO, GXPN)
- Premium medical, dental, and vision insurance covered at 100% for employees and 75% for dependents
- 20 days PTO, 10 federal holidays, and a year-end shutdown between Christmas and New Year's
- Stock option plan and performance bonuses tied to client satisfaction and zero-day discoveries
About Insight Assurance
Insight Assurance is a cybersecurity and compliance firm providing SOC 2, ISO 27001, HIPAA, PCI DSS, and FedRAMP assessments, penetration testing, and managed compliance services. Serving SaaS, fintech, healthcare, and cloud organizations, it combines auditors, engineers, and advisors to streamline audit readiness, reduce risk, and accelerate sales cycles. Founded in 2019 and headquartered in Lehi, Utah, the company delivers fixed-fee, remote-first engagements supported by proprietary compliance automation software and continuous monitoring tools.