Skip to main content
Permanent & Contract · Canada

Hire Penetration Testers

Screened for testers who think like an attacker and report like a partner.

Why STACK IT

Built to hire penetration testers, not fill seats.

Most agencies optimize for volume. We optimize for the one hire who’s right, vetted by people who understand the work.

A calibrated 3–5 person shortlistTypically within five business days, candidates chosen for your team, not a résumé flood.

Recruiters who speak offense

We screen for whether a tester can find and chain real weaknesses, and report them so they get fixed, not just run a scanner. No candidate reaches you without two recruiters signing off.

Every candidate is real

Fake profiles, proxy interviews, and AI-assisted answers are everywhere in tech hiring. We meet each candidate face-to-face on video and screen for AI patterns, so who you interview is who shows up.

Screened to stay, not just to start

A hire that leaves in a year isn't a win. We align trajectory, growth, and total comp so the tester grows with your team instead of moving on.

You pay only when they start

Success-based and non-exclusive, no upfront fees, no retainers. We invoice on your tester's first day, not before.

How we screen

The Penetration Testers Evaluation Rubric.

We screen for how penetration testers actually think. Every shortlist is judged against the same five criteria that predict whether someone delivers in your codebase.

Open any criterion to see what separates a strong hire

Strong signal

Chains small weaknesses into a real attack path, not just a scanner report.

Falls short

Runs a vulnerability scanner and pastes the output.

Strong signal

Goes deep across web, network, and cloud, and writes their own when tools fall short.

Falls short

Only knows the point-and-click tools.

Strong signal

Scopes engagements carefully and avoids collateral damage.

Falls short

Goes off-scope or knocks over production.

Strong signal

Writes findings developers can act on, with clear remediation steps.

Falls short

Drops a wall of severity ratings with no path to a fix.

Strong signal

Operates with discretion and a clear ethical line you can trust.

Falls short

Treats access casually or oversteps the engagement.

A candidate only reaches your shortlist after they meet all of our standards.

Hire penetration testers with confidence.

Real technical screening, a calibrated shortlist in days, and candidates vetted for fit, not just resumes. Let’s start your search.

  • Pay only when they start
  • First candidates in 24–48 hrs
  • Screened for skills and fit

Specializations

Penetration Testers, across your whole stack.

Whatever your team runs on, we screen for the people who do the work right.

Web App Testing

Finding the flaws in web applications.

OWASP Burp Suite

Network & Infra

Breaking into networks and hosts.

Nmap Metasploit

Cloud Pentesting

Attacking misconfigured cloud.

AWS Azure

Red Teaming

Full-scope adversary simulation.

Red Team C2

Social Engineering

Testing the human layer.

Phishing Pretext

Reporting & Remediation

Findings devs can actually fix.

Reports Remediation

The cost of waiting

An open role isn’t free.

An empty seat doesn’t delay work, it redistributes it. The longer the search drags, the more it costs.

Every week a role stays open, the cost lands on the team you already have.

  • Work waits in the backlog while priorities pile up.
  • They cover work that isn’t theirs, until something slips.
  • The longer the seat stays empty, the harder the restart.

Speed isn’t a nice-to-have. It’s the difference between a gap and a setback.

Time to fill this role

Industry average National, by experience & seniority
~62 days
With STACK IT typical placement
2–3 weeks
48 hrs
First qualified candidate
3–5 days
Calibrated shortlist
18%
Fewer delivery delays once they start

How you hire

Permanent or contract, your call.

Two models, one standard of quality. Bring on the penetration testers you need the way that fits your timeline and budget.

Permanent

Permanent hire

Best when you’re building the team for the long term.

  • You only pay when they start, success-based, no upfront fee.
  • Full-cycle vetting for technical and cultural fit.
  • Backed by our 90-day replacement guarantee.
OR

Contract

Contract hire

Best when you need delivery capacity now, without adding headcount.

  • We’re the employer of record: payroll, compliance, and onboarding handled.
  • Most contractors placed in 5–10 business days.
  • Convert to permanent anytime, with a buyout discount that grows each month.

Not sure which fits? Compare permanent vs. contract

FAQ

Hiring penetration testers, answered.

The questions teams usually ask before starting a search with us.

Certs like OSCP are a signal, not the test. Our screening is recruiter-led and scenario-based: we walk through real engagements to see how a candidate found a path in, stayed in scope, escalated findings, and wrote them up so a dev team could act. We have them explain an exploit chain in plain terms, which quickly separates people who ran a tool from people who understand the attack.

Yes, and it matters. We screen for hands-on offensive work across web, network, and cloud, rather than defensive or compliance-only backgrounds that happen to carry a security title. If you need red-team depth versus a security analyst, we will steer you to the right profile before you spend time interviewing.

Both are common. Point-in-time assessments and time-boxed engagements often fit contract, while building an internal offensive-security or continuous-testing function usually calls for a permanent hire. We will tell you honestly which the role actually needs rather than defaulting to one.

Cybersecurity is one of the roles seeing sustained 2026 premiums, driven by regulation and AI-related risk, so bands move faster here than average. We benchmark against recent placements rather than year-old surveys, and the senior end of the range reflects people who solve expensive problems, not just tenure.

You will typically see a first vetted candidate within 24 to 48 hours and a calibrated shortlist of three to five within about five business days.

Still have a question? Talk to a recruiter

Bill 190 compliant by default.

Every search keeps your hiring audit-ready in Ontario.

See the Bill 190 checklist
  • Salary-range disclosure
  • AI-use transparency
  • Decisions within 45 days