These positions are some of our common roles, but please reach out if you think you may be a good fit for a position that is not posted.
We are an information security firm focused on penetration testing.
Meet the team
After four years of software development experience, Alex landed his dream job and became a penetration tester in 2007. Since then, Alex has been collaborating closely with organizations of all sizes in securing web, mobile and thick-client applications, in addition to penetration testing networks and devices. Alex specializes in fulfilling challenging engagements that require multiple skill sets to complete.
He enjoys solving problems at scale, automation, developing tools, and constantly learning from the wealth of information available today. Alex has presented at both regional and national security conferences, such as SecKC, SecureWorld Kansas City, and BlackHat USA. Alex’s research has been covered by various local and national news organizations.
Alex founded SecKC, which is a non-profit organization which is designed to foster information security in Kansas City with over 1,000 attendees annually. Alex is an Offensive Security Certified Professional (OSCP), a Burp Suite Certified Professional (BSCP), and has a B.S. in Computer Science from the University of Kansas.
Outside of security, Alex enjoys spending time with his family, various learning (podcasts, audiobooks, and YouTube), as well as biking (mountain, road, and gravel), running, and being outdoors.
Josiah Pierce is a Managing Security Consultant at TrustFoundry with a background in systems and applications engineering. Josiah's primary area of expertise is in web application penetration testing. He enjoys the process of thinking and acting like an attacker in order to determine weak points in systems and help strengthen them. Josiah enjoys competing in Capture the Flag (CTF) competitions in his spare time and is interested in exploit development and reverse engineering. He also enjoys creating writeups for CTF challenges he has completed.
Josiah holds several security certifications, including the Offensive Security Certified Professional (OSCP), CREST CPSA, CREST CRT, GIAC Python Coder (GPYC), and GIAC Certified Detection Analyst (GCDA) certifications. He has a BA in English from Virginia Tech.
Alex is an accomplished security engineer and technical manager who prides himself on his ability to explain technical concepts to non-technical staff members. Alex has almost ten years of experience in penetration testing which has given him a wide range of experience with different technologies but his focus surrounds application technologies; covering web, API, mobile and thick clients. On top of this Alex has experience with infrastructure testing and social engineering, including many physical intrusion assessments. Alex has spoken at conferences internationally; most notably B-Sides London and DSS-ITsec Latvia.
Tom Fieber is a Senior Security Consultant at TrustFoundry. Prior to joining TrustFoundry, Tom retired from the U.S. Army after 21 years in intelligence community. Tom’s main area of focus is on internal and external network penetration testing. He particularly enjoys testing Active Directory environments. Tom is excited to work with organizations to help improve their security posture. In his spare time, Tom enjoys cycling, playing with his children, and playing trivia games.
Tom holds several security certifications, including the Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), OffSec Experienced Pentester (OSEP), TCM-Security Practical Network Penetration Tester (PNPT), Certified Red Team Operator (CRTO), eLearnSecurity Certified Professional Penetration Tester (eCPPT) and eLearnSecurity Web Application Penetration Tester (eWPT). Tom also holds a Master of Science in Cybersecurity from Utica University.
Tom holds several security certifications, including the Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), OffSec Experienced Pentester (OSEP), TCM-Security Practical Network Penetration Tester (PNPT), Certified Red Team Operator (CRTO), eLearnSecurity Certified Professional Penetration Tester (eCPPT) and eLearnSecurity Web Application Penetration Tester (eWPT). Tom also holds a Master of Science in Cybersecurity from Utica University.
Bridgett is the Account Manager at TrustFoundry and enjoys
working with clients in many different industries. Bridgett
has worked in a variety of sales positions for over 16 years
in the software and security industry. In her spare time,
she enjoys spending time with her two children, traveling
and being outdoors.
working with clients in many different industries. Bridgett
has worked in a variety of sales positions for over 16 years
in the software and security industry. In her spare time,
she enjoys spending time with her two children, traveling
and being outdoors.
Ethan Finn is a Security Consultant at TrustFoundry. Ethan’s area of expertise is web application penetration testing. Ethan enjoys and participates regularly in online hacking challenges on platforms that include HacktheBox, TryHackMe, and VulnHub, and he is interested in social engineering and exploit development.
Ethan is an Offensive Security Certified Professional (OSCP), Burp Suite Certified Practitioner (BSCP), and holds the Security+ certification. Ethan has a B.S. in Physics and Music from Northeastern University.
Ethan is an Offensive Security Certified Professional (OSCP), Burp Suite Certified Practitioner (BSCP), and holds the Security+ certification. Ethan has a B.S. in Physics and Music from Northeastern University.
Godson Bastin, a passionate security consultant at TrustFoundry, specializes in web application penetration testing, API security, source code analysis, and mobile penetration testing, ensuring robust platform security standards. Beyond his professional duties, Godson actively contributes to the cybersecurity community by delivering technical talks at esteemed gatherings like OWASP and cybersecurity meetups, as well as reporting issues he has identified in software such as Mozilla Firefox. He shares his insights through technical write-ups and engages in community building by creating online hacking challenges. Continuously participating in hacking competitions, he stays up to date on evolving technologies and has earned top rankings, demonstrating his commitment to excellence in the field.
Tracy is an experienced project manager, having served the industry for over ten years at various penetration testing companies. Tracy has superior organization skills, combined with her aptitude for helping others which results in well organized, stress free projects for both customers and consultants
Suraj is an accomplished bug bounty hunter and penetration tester focusing mainly on application technologies and reviewing source code. Suraj has found and reported important vulnerabilities to more than a hundred organizations globally, including some of the top internet companies like Amazon, Paypal, Stripe and Meta. His work on major ethical hacking platforms like HackerOne and Bugcrowd made him among the top 1% of security researchers. Suraj is well known for finding unique, high-risk vulnerabilities.
Ana Batranović is a Security Consultant at TrustFoundry. Ana's primary areas of expertise are web exploitation and Active Directory. She enjoys scanning web applications for possible misconfigurations and ensuring that each vulnerability is communicated in a way that aligns with the client's best interests. In her spare time, she enjoys honing her skills through various simulated lab environments, such as HackTheBox, Portswigger, and TryHackMe, as well as doing research and writing blogs.
Ana holds the Certified Red Team Operator (CRTO) and Offensive Security Wireless Professional (OSWP) certifications.
Ana holds the Certified Red Team Operator (CRTO) and Offensive Security Wireless Professional (OSWP) certifications.
Toby Jackson is a senior security consultant at TrustFoundry with a passion for securing the digital world and solving complex problems. His primary area of expertise relates to Active Directory infrastructure and network testing, as well as adversary simulation/emulation, with a focus on emerging threats and evading security controls. Toby also excels in web application assessments, both source code assisted and black box, with a passion for finding high-severity, business-critical issues by thinking creatively, akin to a threat actor.
Toby has performed offensive security assessments for global organizations in various sectors, ranging from medical and critical infrastructure to financial services, and enjoys being part of the end-to-end security process for his clients.
Toby also holds a plethora of industry-recognized certifications, including the Offensive Security Certified Professional (OSCP), Offensive Security Experienced Penetration Tester (OSEP), Offensive Security Web Expert (OSWE), CREST Registered Penetration Tester (CRT), CREST Practitioner Security Analyst (CPSA), Certified Red Team Operator (CRTO), Certified Red Team Professional (CRTP), and the Practical Network Penetration Tester (PNPT). Toby continues to upskill his tradecraft to ensure that he stays up to date with current threats and their techniques.
Toby also holds a master's degree in Cyber Security from Cardiff University where he was awarded best student and end of year project, as well first class honours in his Cyber Security bachelor's degree at the University of South Wales.
Outside of his computer, Toby enjoys running, visiting theme parks, watching sports, chasing sunsets, and cherishing time with family and friends.
Toby has performed offensive security assessments for global organizations in various sectors, ranging from medical and critical infrastructure to financial services, and enjoys being part of the end-to-end security process for his clients.
Toby also holds a plethora of industry-recognized certifications, including the Offensive Security Certified Professional (OSCP), Offensive Security Experienced Penetration Tester (OSEP), Offensive Security Web Expert (OSWE), CREST Registered Penetration Tester (CRT), CREST Practitioner Security Analyst (CPSA), Certified Red Team Operator (CRTO), Certified Red Team Professional (CRTP), and the Practical Network Penetration Tester (PNPT). Toby continues to upskill his tradecraft to ensure that he stays up to date with current threats and their techniques.
Toby also holds a master's degree in Cyber Security from Cardiff University where he was awarded best student and end of year project, as well first class honours in his Cyber Security bachelor's degree at the University of South Wales.
Outside of his computer, Toby enjoys running, visiting theme parks, watching sports, chasing sunsets, and cherishing time with family and friends.
Our mission
Our mission is to have thorough customer engagements to improve security as efficiently as possible. We know this involves carefully listening and understanding to our customers. Our attention to customers’ challenges, focus on intelligent solutions, and our genuine passion for security drive us to consistently deliver outstanding results.
7 reasons our customers choose TrustFoundry
Customers come to TrustFoundry when they are trying to secure their applications and networks, but why do our customers choose TrustFoundry?
Effortless
Engagement
Testing
Coverage
Personal
Approach
Ethics
Value
Handle
Complexity
Clear
Reporting
Do you see a career at TrustFoundry?
Penetration Tester
- Location: Kansas City (Remote) or Global (Remote)
- Level: Mid-level to principal consultant
- Salary: Competitive, which for us generally 75th – 95th percentile for role. Final numbers depend on on location, experience, qualifications, and expertise.
Background
TrustFoundry is looking for an experienced penetration tester with a primary focus on infrastructure testing, with additional experience in application penetration testing. We are a small, specialized penetration testing company based in Kansas City. At TrustFoundry, you’ll spend your time hacking, solving interesting problems, and collaborating with talented security professionals.
Perks
- Work from home
- Flexible work environment, including flexibility in schedule
- Unlimited PTO
- Training & Conferences
- Medical and Dental benefits (US FTE)
- An excellent culture that supports employee development
- Work with a high-quality team; Our customers are happy customers!
Requirements
- Able to perform complex infrastructure penetration tests against traditional AD and modern/non-traditional environments.
- Able to perform application penetration tests across a range of common web technologies.
- Able to deliver clear, professional penetration test reports and present findings to both technical and non-technical audiences.
Preferred Experience
- Experience with leading penetration tests from scoping to final delivery.
- Published research, CVEs, or open-source tools.
- Involvement in security projects, CTFs, or the wider hacking community.
- Experience in cloud penetration testing.
- Experience in mobile penetration testing.
- Experience in social engineering engagements.
- Experience in red teaming.
- Ability to read and write code in common languages.
- Strong written and verbal communication skills.
- Degree in Computer Science or related field (or equivalent experience).
- Completion of security-related MOOCs or books.
- Security certifications (OSCP, OSCE, OSWA, OSWE, CRTO, BSCP, etc.).
Why TrustFoundry
Get to work with a group of ~8 pentesters that love all aspects of hacking. We are the right size for collaborating closely and learning. We typically work with good customers and take on a fair amount of complex or challenging projects, which are fun to work on. It’s a great place to sharpen your hacking skills and better yourself. We have very efficient platform, making report writing much easier. Also, we are flexible, so if you want a lot of R&D time, CTF time, vacation, or something specific, we can generally make that work!
Across-the-Board Trust
Your business relies on the trust of your customers. We take that seriously, and partner with you to ensure your foundation of trust is maintained.
