Pentesting Providers

Penetration Testing Providers in USA

North America

Penetration testing providers based in the United States, covering one of the world's largest markets for security testing services.

US-based providers often hold certifications relevant to federal contracting including FedRAMP 3PAO and CMMC assessments, and serve organisations across all industries from Silicon Valley startups to Fortune 500 enterprises and government agencies.

24 providers
Best UK ProviderBest for EnterpriseResearch Leaders
NCC Group logo

NCC Group

Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services.

75
Score
LOCManchester, United Kingdom
Web ApplicationNetworkMobile App+13
CRESTCHECKCBEST+6
View ProfileVisit Site
Nettitude logo

Nettitude

CREST, CHECK, and CBEST accredited UK consultancy within Lloyd's Register, delivering premium penetration testing for government and critical infrastructure.

64
Score
LOCLondon, United Kingdom
Web ApplicationNetworkMobile App+10
CRESTCHECKCBEST+2
View ProfileVisit Site
Best for Mid-MarketBest for Financial Services
NetSPI logo

NetSPI

Leading penetration testing firm with the Resolve platform for continuous attack surface management, trusted by nine of the top ten US banks.

60
Score
LOCMinneapolis, Minnesota, United States
Web ApplicationNetworkCloud+8
SOC 2ISO 27001CREST
View ProfileVisit Site
Trustwave logo

Trustwave

Global managed security provider with the elite SpiderLabs penetration testing team and deep PCI DSS compliance expertise.

57
Score
LOCChicago, Illinois, United States
Web ApplicationNetworkMobile App+7
PCI QSAISO 27001SOC 2+1
View ProfileVisit Site
Mandiant logo

Mandiant

World-renowned cybersecurity firm now part of Google Cloud, delivering threat intelligence-led penetration testing and red teaming informed by front-line incident response experience.

53
Score
LOCReston, Virginia, United States
Red TeamingPurple TeamingNetwork+6
SOC 2ISO 27001FedRAMP 3PAO
View ProfileVisit Site
Best OverallElite TestersResearch Pioneers
Bishop Fox logo

Bishop Fox

Premier US-based offensive security firm known for elite penetration testers, cutting-edge research, and the Cosmos continuous attack surface management platform.

50
Score
LOCTempe, Arizona, United States
Web ApplicationNetworkMobile App+8
SOC 2OSCP Employer
View ProfileVisit Site
Rapid7 logo

Rapid7

Creators of Metasploit offering enterprise penetration testing integrated with their comprehensive vulnerability management and security operations platform.

50
Score
LOCBoston, Massachusetts, United States
Web ApplicationNetworkMobile App+7
SOC 2ISO 27001
View ProfileVisit Site
Coalfire logo

Coalfire

Compliance-focused cybersecurity advisory firm and FedRAMP 3PAO specializing in penetration testing that meets stringent regulatory requirements.

50
Score
LOCWestminster, Colorado, United States
Web ApplicationNetworkCloud+5
SOC 2FedRAMP 3PAOPCI QSA+1
View ProfileVisit Site
HackerOne logo

HackerOne

World's largest ethical hacker platform with over one million researchers, offering bug bounties and structured penetration testing to the US DoD and Fortune 500.

47
Score
LOCSan Francisco, California, United States
Web ApplicationAPIMobile App+3
SOC 2ISO 27001FedRAMP 3PAO
View ProfileVisit Site
Black Hills Information Security logo

Black Hills Information Security

Community-driven penetration testing firm known for free security education, open-source tools, Wild West Hackin' Fest, and practical offensive security services.

44
Score
LOCSpearfish, South Dakota, United States
NetworkWeb ApplicationSocial Engineering+5
SOC 2
View ProfileVisit Site
SEC Consult logo

SEC Consult

Leading European cybersecurity consultancy from Vienna with a prolific vulnerability research program and deep expertise in IoT and embedded systems security.

43
Score
LOCVienna, Austria
Web ApplicationNetworkMobile App+7
ISO 27001
View ProfileVisit Site
CrowdStrike logo

CrowdStrike

Global cybersecurity leader leveraging world-class threat intelligence from the Falcon platform to deliver intelligence-led penetration testing and red teaming.

43
Score
LOCAustin, Texas, United States
Red TeamingNetworkWeb Application+5
SOC 2ISO 27001
View ProfileVisit Site
IOActive logo

IOActive

Elite boutique security consultancy specializing in IoT, SCADA/ICS, embedded systems, and hardware security research with world-renowned researchers.

42
Score
LOCSeattle, Washington, United States
Web ApplicationNetworkIoT+7
OSCP Employer
View ProfileVisit Site
Secureworks logo

Secureworks

Dell Technologies-backed cybersecurity firm with elite Counter Threat Unit intelligence informing enterprise penetration testing and adversary simulation.

41
Score
LOCAtlanta, Georgia, United States
Web ApplicationNetworkCloud+7
SOC 2ISO 27001
View ProfileVisit Site
Trail of Bits logo

Trail of Bits

Elite security research firm specializing in source code review, blockchain auditing, and building industry-standard open-source security tools.

41
Score
LOCNew York, New York, United States
Source Code ReviewWeb ApplicationAPI+3
OSCP Employer
View ProfileVisit Site
Rhino Security Labs logo

Rhino Security Labs

Cloud security penetration testing specialists known for the Pacu AWS exploitation framework and deep expertise across AWS, Azure, and GCP environments.

41
Score
LOCSeattle, Washington, United States
CloudWeb ApplicationNetwork+4
SOC 2
View ProfileVisit Site
Praetorian logo

Praetorian

Offensive security firm founded by former DoD professionals, offering elite penetration testing and the Chariot continuous attack surface management platform.

40
Score
LOCAustin, Texas, United States
Web ApplicationNetworkCloud+7
SOC 2
View ProfileVisit Site
Offensive Security logo

Offensive Security

Creators of OSCP, Kali Linux, and Exploit-DB, offering elite penetration testing services from the team that trains the world's ethical hackers.

40
Score
LOCNew York, New York, United States
Web ApplicationNetworkRed Teaming+5
OSCP Employer
View ProfileVisit Site
Bugcrowd logo

Bugcrowd

Leading crowdsourced security platform offering managed bug bounty programs and crowd-powered penetration testing with hundreds of thousands of ethical hackers.

40
Score
LOCSan Francisco, California, United States
Web ApplicationAPIMobile App+3
SOC 2ISO 27001
View ProfileVisit Site
Synack logo

Synack

FedRAMP-authorized crowdsourced penetration testing platform combining vetted elite hackers with AI-powered Hydra technology for continuous security testing.

39
Score
LOCRedwood City, California, United States
Web ApplicationNetworkAPI+4
FedRAMP 3PAOSOC 2
View ProfileVisit Site
Aon Cyber Solutions logo

Aon Cyber Solutions

Cybersecurity consulting division of global insurance leader Aon, uniquely combining penetration testing with cyber risk quantification and insurance expertise.

36
Score
LOCLondon, United Kingdom
Web ApplicationNetworkCloud+5
ISO 27001SOC 2
View ProfileVisit Site
Securin logo

Securin

Vulnerability intelligence-driven penetration testing firm providing contextual security assessments informed by threat actor exploitation data and ransomware tracking.

34
Score
LOCAlbuquerque, New Mexico, United States
Web ApplicationNetworkAPI+3
SOC 2
View ProfileVisit Site
BreachLock logo

BreachLock

Cloud-based Penetration Testing as a Service platform combining AI-driven automation with expert manual testing at accessible price points.

33
Score
LOCNew York, New York, United States
Web ApplicationNetworkAPI+4
SOC 2ISO 27001
View ProfileVisit Site
Cobalt logo

Cobalt

Pioneer of Pentest as a Service, delivering fast, platform-based penetration testing with a vetted global community of security researchers.

29
Score
LOCSan Francisco, California, United States
Web ApplicationNetworkAPI+2
SOC 2
View ProfileVisit Site

Other Locations

United KingdomEuropeGermanyNetherlandsIrelandFranceNordicsSwitzerlandCanadaAustraliaSingaporeIndiaMiddle EastNew YorkLondonCaliforniaTexasWashington D.C.Global