Careers

Join the team.

DALI is a small, deliberate practice. We take fewer engagements than most firms and go considerably deeper. Every operator owns their work end-to-end — the recon, the exploitation, the findings, the report. If that is how you work, we should talk.

Craft over volume

We take fewer engagements and go deeper. You'll have time to do the work properly, not scramble between overlapping scopes.

Findings you own

Every operator writes their own findings. You saw it, you exploited it, you document it. No ghostwriting other people's work.

Paid for expertise

Rates reflect market value for experienced operators, not what a staffing firm thinks they can get away with.

Remote, async-first

We keep daily comms lightweight. You know how to manage an engagement without hand-holding — we trust that.

Open roles

Current openings.

Senior Web Application Penetration Tester

Active hiringContract / 1099Remote — US only$150–$200 / hr

3+ years manual web application testing. Burp Suite Pro fluency required. Experience with GraphQL, gRPC, and modern auth patterns — OAuth2, JWT, SAML. OSCP or equivalent preferred; we care about demonstrated skill over certifications.

Hiring now

Apply →

Network / Active Directory Pentester

Active hiringContract / 1099Remote — US only$140–$185 / hr

Hands-on external and internal network testing. BloodHound, CrackMapExec, Impacket. Active Directory attack chains — Kerberoasting, AS-REP roasting, delegation abuse. OSCP or CRTO preferred.

Hiring now

Apply →

Cloud Security Assessor — AWS / Azure

Active hiringContract / 1099Remote — US only$150–$190 / hr

Deep experience with AWS and Azure attack paths. Pacu, ScoutSuite, Prowler. IAM enumeration and privilege escalation in cloud environments. Experience writing compliance-aligned reports a strong plus.

Hiring now

Apply →

Technical Report Writer / Findings Editor

PipelinePart-timeRemote — US only$75–$100 / hr

Security background required — you need to understand what you're editing. Experience translating technical findings for executive audiences. Cyver Core or similar portal familiarity a bonus.

Pipeline

Notify Me

//All contractors must be US-based and authorized to work in the United States. Background verification required before first engagement. We do not sponsor visas. Questions? Email careers@dali.security.