Penetration Testing Engineer - Network Security

The Penetration Testing Engineer – Network Security is a hands-on client facing offensive security role responsible for executing network, cloud, and adversary-emulation engagements under established methodologies. This role goes beyond point-in-time vulnerability testing and actively contributes to red team and purple team operations, including social engineering, attack-path validation, and defensive collaboration. Penetration Testing Engineers work closely with senior testers, red team leads, detection engineers, and clients to identify exploitable weaknesses, simulate real-world threat actor behavior, and validate security controls. This role is ideal for practitioners with a strong networking foundation who are ready to operate as adversaries while contributing to high-quality reporting and continuous improvement of testing capabilities. Typical Experience

• 3–5 years of experience in IT, cybersecurity, or offensive security
• Prior exposure to penetration testing, red team activities, SOC collaboration, or adversary emulation
• Experience performing internal, external, or cloud network security assessments Core Responsibilities Network & Infrastructure Penetration Testing
• Execute internal and external network penetration tests, including attack-path discovery and privilege escalation
• Perform port scanning, service enumeration, and network mapping using industry-standard tools
• Identify and validate misconfigurations, weak authentication, segmentation failures, and trust boundary issues
• Assess on-prem and cloud network architectures (AWS, Azure, hybrid environments) Red Team & Purple Team Operations (Required)
• Participate in red team engagements simulating real-world adversaries
• Execute TTP-driven attacks aligned to frameworks such as MITRE ATT&CK
• Support purple team exercises by collaborating with defensive teams to:
• Validate detections
• Tune alerts
• Measure defensive coverage
• Provide clear attacker-perspective feedback to blue teams and security leadership Social Engineering (Required)
• Support and/or execute social engineering campaigns, including:
• Phishing (email-based and credential harvesting)
• Vishing and pretexting (as authorized)
• Physical security testing support (where in scope)
• Assist in campaign planning, execution, and ethical handling of sensitive data
• Document social engineering outcomes with clear business and risk context Reporting & Communication
• Draft clear, accurate technical findings with reproduction steps and evidence
• Contribute to executive summaries that explain risk, impact, and attack feasibility
• Communicate findings effectively to:
• Technical teams
• Defensive stakeholders
• Non-technical leadership
• Support remediation validation and re-testing activities Tooling & Continuous Improvement
• Use and help improve offensive tooling, scripts, and testing infrastructure
• Support automation efforts for discovery, enumeration, and validation
• Continuously develop skills in network attacks, cloud security, and adversary techniques Technical Skills & Knowledge Required Technical Skills
• Strong understanding of:
• TCP/IP, routing, DNS, DHCP
• Network segmentation and trust boundaries
• Hands-on experience with:
• Port scanning and enumeration (e.g., Nmap)
• Vulnerability identification and validation
• Familiarity with common network attack vectors:
• Weak credentials
• Misconfigured services
• Excessive trust and lateral movement paths
• Working knowledge of firewalls, VPNs (IPSec/SSL), and access controls
• Basic scripting for automation (Bash, Python, or PowerShell) Cloud & Hybrid Environments
• Navigating cloud platforms (AWS and/or Azure)
• Understanding:
• Security groups / NSGs
• IAM users, roles, and policies
• Storage services (S3, Blob Storage)
• Identifying cloud-specific misconfigurations and exposure risk Red / Purple Team & Social Engineering Requirements This role requires demonstrated interest or experience in:
• Adversary emulation and red team testing
• Purple team collaboration with SOC and detection teams
• Social engineering techniques and ethical execution
• Translating attacker actions into defensive improvement opportunities Candidates should be motivated to think like attackers while improving organizational resilience. Soft Skills & Professional Expectations
• Strong curiosity and desire to continuously improve offensive skills
• Ability to accept feedback and iterate on findings and techniques
• Professional judgment, ethical conduct, and respect for authorization boundaries
• Clear written and verbal communication skills
• Ability to collaborate effectively across offensive and defensive teams Certifications (Optional but Beneficial) While hands-on ability is prioritized, certifications that align with this role include:
• Network or security fundamentals
• Offensive security or red team–oriented certifications
• Social engineering or adversary emulation training Who is Evolve Security? Evolve Security is a cybersecur