Penetration Tester (1099 Independent Contractor, U.S.-Based)

About Socium Security

Socium Security is a modern cybersecurity partner built for organizations that need clarity, speed, and measurable impact. We help leadership teams safeguard what matters most—protecting value, reducing operational risk, and strengthening resilience across every stage of organizational growth.

Grounded in curiosity, authenticity, adaptability, and practical execution, we challenge assumptions and deliver clear, actionable intelligence - not theoretical checklists. Our approach blends strategic advisory with hands-on technical expertise, ensuring decisions are informed, investments are prioritized, and security programs mature with purpose.

With decades of experience supporting Fortune 500 enterprises, global brands, and high-growth companies, our leadership brings deep, real-world insight into complex environments, operational maturity models, and the risk factors that directly influence organizational performance.

Penetration Tester (1099 Independent Contractor, U.S.-Based)

Socium is seeking a U.S.-based independent penetration testing consultant to support client engagements on a project basis. This role is best suited for a mid-to-senior tester who can independently execute scoped assessments, validate real-world exploitability through manual testing, and deliver polished client-ready reports and debriefs.

Primary responsibilities

• Conduct web application, API, external/internal network, and selected cloud penetration tests within agreed rules of engagement
• Manually validate findings, distinguish exploitable risk from noise, and chain issues where appropriate
• Produce deliverable reports with executive summary, technical details, evidence, reproduction steps, and prioritized remediation guidance
• Present results to technical and non-technical stakeholders and support limited retesting tied to the engagement scope

Required experience

• 5+ years of professional penetration testing experience
• 3+ years leading client-facing consulting engagements or equivalent
• Strong hands-on depth in at least two of the following: web applications/APIs, external/internal network testing, Active Directory, AWS/Azure/GCP testing
• Strong written communication and report-writing skills
• Experience with Burp Suite Pro, Nmap, Metasploit, and scripting in Python, Bash, or PowerShell

Preferred

• Mobile testing, social engineering, or adversary simulation experience
• Relevant certifications such as OSCP, OSEP, OSWE, GWAPT, GPEN, GXPN, PNPT, or CPTS
• Experience presenting findings to clients or executives

Contract terms

• 1099 independent contractor engagement
• Must reside and perform services within the United States
• Must be able to provide a W-9 and invoice as a U.S.-based individual or business
• No third-party agencies, staffing firms, or offshore subcontracting
• Contractor is responsible for standard tooling and methods used to meet agreed deliverables, subject to client testing windows and rules of engagement