Contact Us

External Penetration Testing Consultant

By /

Job Title: External Penetration Testing Consultant

Location: [Remote]
Job Type: [Contract / Project-Based]
Department: Offensive Security / Cybersecurity Services
Reports To: Director of Offensive Security / CISO

Job Summary:

We are seeking an experienced External Penetration Testing Consultant to perform security assessments of client-facing systems, applications, and infrastructure. The ideal candidate will possess deep knowledge of offensive security techniques, proficiency with industry-standard penetration testing tools, and the ability to assess modern systems—including those powered by or integrating AI and machine learning. The consultant will deliver detailed vulnerability reports and actionable remediation guidance to improve the client’s overall security posture.

Key Responsibilities:

  • Conduct external penetration tests against web applications, APIs, networks, cloud environments, and externally exposed systems.
  • Assess and exploit vulnerabilities in traditional and modern systems, including AI-powered applications or those built with AI frameworks.
  • Use both automated tools and manual techniques to simulate real-world attack scenarios and uncover security weaknesses.
  • Evaluate application logic, authentication, authorization, and data handling for exploitable conditions.
  • Identify vulnerabilities such as injection flaws, misconfigurations, insecure APIs, model poisoning, prompt injection, and model leakage (for AI systems).
  • Develop detailed, client-facing reports that clearly explain findings, risk impact, evidence, and tailored remediation strategies.
  • Work closely with client stakeholders to debrief findings and support their internal remediation efforts.
  • Stay current on emerging threats, techniques, and AI-specific attack vectors in the cybersecurity landscape.
  • Ensure testing complies with client-specified scope, timelines, and regulatory frameworks (e.g., OWASP, MITRE ATT&CK, NIST).

Required Qualifications:

  • 3–7+ years of hands-on penetration testing experience, including external assessments.
  • Strong experience with tools such as Burp Suite, Nmap, Metasploit, Nessus, Nikto, OWASP ZAP, SQLMap, and Kali Linux tools.
  • Familiarity with AI/ML applications, LLMs, or frameworks (e.g., TensorFlow, PyTorch) from a security standpoint.
  • Ability to test for AI-specific vulnerabilities such as model extraction, adversarial inputs, and prompt injection.
  • Proficiency in scripting or programming languages: Python, Bash, PowerShell, JavaScript.
  • Understanding of cloud platforms (AWS, Azure, GCP) and their external attack surfaces.
  • Experience preparing and presenting detailed vulnerability reports with CVSS scoring, risk rating, and remediation recommendations.

Preferred Qualifications:

  • Offensive security certifications such as OSCP, OSWE, GPEN, GXPN, or CRTO.
  • Experience with AI security tools and custom testing scripts for adversarial ML.
  • Knowledge of regulatory and compliance standards (e.g., PCI-DSS, HIPAA, ISO 27001).
  • Background in secure software development or red teaming.

Soft Skills:

  • Strong communication and documentation skills.
  • Ability to work independently and meet tight deadlines.
  • Client-facing experience and professional demeanor.

 

Job Category: Testing Consultant
Job Type: Contract Project-Based
Job Location: Remote

Apply for this position

Allowed Type(s): .pdf, .doc, .docx

Talk to Us

Ready to become cyber resilient

Meet with our security experts to discuss your use cases, technology and pain points and learn how O2 Cyber can help


    Trusted next generation cyber partner

    Instagram X-twitter Linkedin

    Expertise

    Quick Links

    Support

    Newsletter


      Copyright 2025. All rights reserved

      Scroll to Top

      Level 4: Cyber Security Incident Response Process (CSIRP)

      At the SOC’s most advanced level are managers and chief officers and they will be more engaged and execute this process. This group oversees all SOC team activities and is responsible for hiring and training, plus evaluating individual and overall performance. Level 4's step in during crises, and, specifically, serve as the liaison between the Security team and the rest of the organization. They are also responsible for ensuring compliance with organization, industry and government regulations.

      Level 3: Proactive security operations

      The security managers are informed and specialist crew are involved and begin moving from reactive to proactive security actions. Personnel are likely expert security analysts who are actively searching for vulnerabilities within the network and hunting for threats. They will use advanced threat detection tools to diagnose weaknesses and make recommendations for overall security improvement. Within this group, you might also find specialists, such as forensic investigators, compliance auditors or cybersecurity analysts. They will decide to escalate Level 4.

      Level 2: Cyber Incident Remediation

      These personnel can quickly get to the root of the problem and assess which part of your infrastructure is an issue or at risk. They will follow a well defined playbook process and makes decision to remediate the problem based on knowledge of the issue and environments. They will flag certain issues for additional investigation outside of the incident response protocol and when to escalate to Level 3.

      Level 1: First responders

      The first line of incident responders are group of security analysts who will be eyes on glass 24x7 and watch for alerts. They are primarily tasked to look at the urgency of an alert, can it be solved within their confines which is automated playbook / orchestration or follow up on established playbooks. Based on the above they play a role to escalate to Level 2. They are also responsible to run statistics and SOC reports for review. Behavioral analytics and AI based beta models are adopted for advanced needs to act as L1.