Security Analyst- Pen Testing


The Security Analyst- Pen Testing plays a critical role in facilitating continued growth and execution within our security practice. This highly skilled and detail-oriented Consultant will have deep knowledge of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Hardware Penetration Testing. The ideal candidate will be responsible for identifying vulnerabilities across software and hardware systems, advising on remediation strategies, and communicating findings clearly to both technical and non-technical stakeholders.

Primary Responsibilities:
• Conduct in-depth SAST, DAST, and SCA assessments across a variety of application types (web, mobile, desktop, APIs).
• Perform hardware penetration testing on embedded systems, IoT devices, and industrial control systems (ICS), including debug interface discovery, firmware extraction and analysis, and secure boot review.
• Develop and maintain threat models, attack trees, and risk assessments for both software and hardware systems.
• Identify and exploit vulnerabilities using both manual techniques and automated tools, simulating real-world attack scenarios.
• Provide detailed technical reports and executive summaries tailored to different audiences, including developers, engineers, and leadership.
• Collaborate with product and engineering teams to prioritize and remediate vulnerabilities, offering secure design and coding recommendations.
• Participate in security architecture reviews and code reviews to identify potential weaknesses early in the development lifecycle.
• Assist in the development and implementation of security testing methodologies, checklists, and standard operating procedures.
• Conduct security tool evaluations and help integrate them into CI/CD pipelines for continuous security testing.
• Lead or support red team/blue team exercises, tabletop simulations, and incident response drills.
• Stay abreast of the latest security trends, vulnerabilities, and threat actor tactics, techniques, and procedures (TTPs).
• Contribute to internal knowledge bases, training sessions, and technical workshops to upskill team members and clients.
• Engage with clients to understand their security needs, define testing scopes, and deliver high-quality consulting services.
• Ensure all testing activities comply with legal, ethical, and organizational guidelines, including responsible disclosure practices.
• Develop and present organized report findings to technical audiences.

Professional Qualifications Sought:
• Bachelor's degree in computer science, cybersecurity, or another related field desired, or significant aligned experience.
• More than three years of overall experience in a Pen Tester role across diverse hardware and software environments.
• Certifications such as Certified Ethical Hacker (CEH), Certified Hardware Security Professional (CHSP), Certified Mobile and Web Application Penetration Tester (CMWAPT), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), or other generally accepted security certifications are a plus.
• Openness to new ideas, approaches, and technologies to address core business needs and align with risk tolerance.
• Good time management and presentation skills in virtual and face-to-face environments.
• Consistently strong oral and written communication skills and the ability to present to groups of varying sizes and audiences in ad-hoc and prepared situations.

Technical Qualifications Sought:
• Three years of experience independently conducting in-depth SAST and DAST assessments across web, mobile, desktop, and API-based applications using tools such as Burp Suite, Zed Attack Proxy (ZAP), and Nessus.
• Referenceable history performing hardware penetration testing on embedded systems and IoT devices, including firmware extraction, reverse engineering, and analysis using tools like Binwalk and Ghidra.
• Experience analyzing Android and iOS mobile application runtimes using both physical devices and emulators.
• Hands-on experience developing and maintaining threat models, attack trees, and risk assessments for both software and hardware systems.
• Knowledgeable in identifying and exploiting vulnerabilities using both manual techniques and automated tools, simulating real-world attack scenarios.
• History of contributing to detailed technical reports and executive summaries tailored to different audiences, including developers and engineers.
• Experience collaborating with product and engineering teams to prioritize and remediate vulnerabilities, offering secure design and coding recommendations.
• Successful implementation of security testing methodologies, checklists, and standard operating procedures.
• Experience conducting security tool evaluations on CI/CD pipelines and cloud infrastructure for continuous security testing.
• Stay abreast of the latest security trends, vulnerabilities, and threat actor tactics, techniques, and procedures (TTPs).
• Contribute to internal knowledge bases, training sessions, and technical workshops to upskill team members and clients.
• Engage with clients to understand their security needs, define testing scopes, and deliver high-quality consulting services.
• Ensure all testing activities comply with legal, ethical, and organizational guidelines, including responsible disclosure practices.

Travel
• Must be available to travel four to six times per year, with no more than 24 days away from home in a calendar year.
Employment locations: Although this is a remote position, we are only open to employment of individuals with their legal residence in the following states: Wisconsin, Illinois, Ohio, Michigan, Indiana, South Dakota, Iowa, Arkansas, North Carolina, Arizona, and Florida.

Benefits:
• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Family Leave (Maternity, Paternity)
• Long Term Disability
• Training & Development
• Work From Home
• Work life balance
• Great Culture


Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question is really asking: When do you focus and start working seriously? What are the hours in which you work best? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT DOES "WORKING REMOTE" REALLY MEAN TO YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working on a team to plan a big event. My supervisor made us all do team-building before the big day. One of our activities was to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW DO YOU PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs are fast-paced, but most of them are...

9. HOW DO YOU PREPARE FOR AND RUN A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those chance encounters in the elevator or casual conversations in the lunchroom, you should make the most of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...