NetSPI · 18 hours ago
Security Consultant II (Thick Client Penetration Tester)
Minneapolis, MN
Full-time
Onsite
Mid Level
3+ years expNetSPI is a leader in Penetration Testing as a Service (PTaaS), focusing on modern pentesting and security innovation. The Security Consultant II will conduct thorough security assessments and penetration testing, particularly on thick client applications, while collaborating with clients to enhance their security posture.
ComputerCyber SecurityInformation TechnologyNetwork SecurityService Industry
Responsibilities
Conduct penetration testing engagements on below service line independently:
Thick Application Penetration Testing
Includes Web Application Penetration (WaPen) testing
Occasionally includes Mobile (MaPen) and IOT/embedded penetration testing
Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture
Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes
Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations
Qualification
Required
Bachelor's degree or higher required, with a concentration in Computer Science, Engineering, Math, or IT preferred, or equivalent experience
Minimum of 3-4 years of work experience in Thick Application Penetration Testing for applications written in Java, C#, C, C++, Swift, Rust, etc. code
Includes experience with offensive toolkits used in web application penetration testing
Experience with disassemblers and debuggers like WinDbg, IDA, Ghidra, etc
Experience with dynamic instrumentation toolkits like Frida
Familiarity with offensive tools (e.g., Kali Linux, Burp Suite, Metasploit, Nessus)
Familiarity with offensive and defensive IT concepts and protocols
Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks
Working knowledge of Windows, Linux and MacOS operating systems internals
Ability to work independently and as part of a team
Proficient communication skills, both written and verbal
This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs
Preferred
Experience performing fuzz testing
Ability to reverse engineer proprietary application layer protocols
Experience with IOT/embedded penetration testing
Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#)
Offensive Security Certifications (e.g., GWAPT, GPEN, GXPN, OSWE, OSCP, OSCE)
Company
NetSPI
NetSPI is a cybersecurity company that offers enterprise security testing and attack surface management services.
501-1000 employees
H1B Sponsorship
NetSPI has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (1)
2024 (3)
2023 (1)
2022 (2)
2021 (5)
2020 (5)
Funding
Current Stage
Late StageTotal Funding
$500MKey Investors
Kohlberg Kravis Roberts
2022-10-05Private Equity· $410M
2021-05-12Private Equity· $90M
2017-04-21Private Equity
Leadership Team
Aaron Shilts
President and CEO
Alvaro Warden
Vice President, WW Channels @ NetSPI
Recent News
2025-11-24
Company data provided by crunchbase