The Penetration Testing Engineer – Network Security is a hands-on client facing offensive security role responsible for executing network, cloud, and adversary-emulation engagements under established methodologies. This role goes beyond point-in-time vulnerability testing and actively contributes to red team and purple team operations, including social engineering, attack-path validation, and defensive collaboration.
Penetration Testing Engineers work closely with senior testers, red team leads, detection engineers, and clients to identify exploitable weaknesses, simulate real-world threat actor behavior, and validate security controls. This role is ideal for practitioners with a strong networking foundation who are ready to operate as adversaries while contributing to high-quality reporting and continuous improvement of testing capabilities.
Requirements
Typical Experience
- 3–5 years of experience in IT, cybersecurity, or offensive security
- Prior exposure to penetration testing, red team activities, SOC collaboration, or adversary emulation
- Experience performing internal, external, or cloud network security assessments
Core Responsibilities
Network & Infrastructure Penetration Testing
- Execute internal and external network penetration tests, including attack-path discovery and privilege escalation
- Perform port scanning, service enumeration, and network mapping using industry-standard tools
- Identify and validate misconfigurations, weak authentication, segmentation failures, and trust boundary issues
- Assess on-prem and cloud network architectures (AWS, Azure, hybrid environments)
Red Team & Purple Team Operations (Required)
- Participate in red team engagements simulating real-world adversaries
- Execute TTP-driven attacks aligned to frameworks such as MITRE ATT&CK
- Support purple team exercises by collaborating with defensive teams to:
- Validate detections
- Tune alerts
- Measure defensive coverage
- Provide clear attacker-perspective feedback to blue teams and security leadership
Social Engineering (Required)
- Support and/or execute social engineering campaigns, including:
- Phishing (email-based and credential harvesting)
- Vishing and pretexting (as authorized)
- Physical security testing support (where in scope)
- Assist in campaign planning, execution, and ethical handling of sensitive data
- Document social engineering outcomes with clear business and risk context
Reporting & Communication
- Draft clear, accurate technical findings with reproduction steps and evidence
- Contribute to executive summaries that explain risk, impact, and attack feasibility
- Communicate findings effectively to:
- Technical teams
- Defensive stakeholders
- Non-technical leadership
- Support remediation validation and re-testing activities
Tooling & Continuous Improvement
- Use and help improve offensive tooling, scripts, and testing infrastructure
- Support automation efforts for discovery, enumeration, and validation
- Continuously develop skills in network attacks, cloud security, and adversary techniques
Technical Skills & Knowledge
Required Technical Skills
- Strong understanding of:
- TCP/IP, routing, DNS, DHCP
- Network segmentation and trust boundaries
- Hands-on experience with:
- Port scanning and enumeration (e.g., Nmap)
- Vulnerability identification and validation
- Familiarity with common network attack vectors:
- Weak credentials
- Misconfigured services
- Excessive trust and lateral movement paths
- Working knowledge of firewalls, VPNs (IPSec/SSL), and access controls
- Basic scripting for automation (Bash, Python, or PowerShell)
Cloud & Hybrid Environments
- Navigating cloud platforms (AWS and/or Azure)
- Understanding:
- Security groups / NSGs
- IAM users, roles, and policies
- Storage services (S3, Blob Storage)
- Identifying cloud-specific misconfigurations and exposure risk
Red / Purple Team & Social Engineering Requirements
This role requires demonstrated interest or experience in:
- Adversary emulation and red team testing
- Purple team collaboration with SOC and detection teams
- Social engineering techniques and ethical execution
- Translating attacker actions into defensive improvement opportunities
Candidates should be motivated to think like attackers while improving organizational resilience.
Soft Skills & Professional Expectations
- Strong curiosity and desire to continuously improve offensive skills
- Ability to accept feedback and iterate on findings and techniques
- Professional judgment, ethical conduct, and respect for authorization boundaries
- Clear written and verbal communication skills
- Ability to collaborate effectively across offensive and defensive teams
Certifications (Optional but Beneficial)
While hands-on ability is prioritized, certifications that align with this role include:
- Network or security fundamentals
- Offensive security or red team–oriented certifications
- Social engineering or adversary emulation training
Benefits
Who is Evolve Security?
Evolve Security is a cybersecurity services firm headquartered in Chicago, IL. We are dedicated to improving our client’s security posture by providing continuous penetration testing, training services, and talent solutions.
In addition to our professional cybersecurity service offerings, Evolve Security offers a cybersecurity bootcamp, “Evolve Academy”, currently ranked the #1 cybersecurity bootcamp in the world. The Cybersecurity Bootcamp in Chicago provides immersive training, giving students the concrete and practical skills, needed on the job. Students gain real work experience through live security assessment work that they perform on not-for-profit companies.
We are passionate about directly improving our customers’ security posture, and we proudly train others to help meet the need for qualified cybersecurity talent.
Benefits Include
- Annual vacation reimbursement
