Find a pentest company with Fedramp
74 companies have this certification
FedRAMP Certification
Origin
The Federal Risk and Authorization Management Program (FedRAMP) was created by the U.S. federal government in 2011 through a collaborative effort between the General Services Administration (GSA), the Department of Homeland Security (DHS), and the Department of Defense (DoD). It was established to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. The program emerged from the need to ensure consistent security standards across government cloud deployments while eliminating redundant agency-by-agency security reviews, which were costly and time-consuming.
Industry Value
FedRAMP certification is highly valued in the industry because it represents one of the most rigorous security standards available for cloud service providers. Achieving FedRAMP authorization demonstrates that a vendor has met stringent security requirements based on NIST guidelines and has undergone thorough third-party assessment, making it a trusted benchmark not only for government contracts but also for private sector organizations seeking high-security cloud solutions. The certification significantly expands market opportunities for cloud providers, as it is mandatory for companies wanting to sell cloud services to U.S. federal agencies, and it streamlines the procurement process by allowing multiple agencies to leverage existing authorizations rather than conducting separate reviews.
Rhymetec
Rhymetec LLC is a cybersecurity firm specializing in penetration testing and offensive security services; 37 employees with 27.8% YoY growth; based in New York, NY, founded in 2015. The company offers web, mobile, and network penetration testing, including AI-powered solutions, and is actively expanding through partnerships and geographic growth.
Lazarus Alliance, Inc.
Cybersecurity company specializing in proactive security services including vulnerability and penetration testing, compliance audits, and privacy assessments; founded in 2000, with 6 employees and 22.2% YoY growth, based in Scottsdale, Arizona, USA. Known for its focus on cybersecurity audits and compliance, with a web presence of 10,023 monthly visits and a global rank of #2,168,741.
MegaplanIT
MegaplanIT is a private cybersecurity firm specializing in penetration testing, compliance, and managed security services; 32 employees, $682.5K annual revenue, founded in 2009, headquartered in Scottsdale, AZ. The company is a recognized leader in cybersecurity testing, offering services such as PCI DSS, HIPAA, SOC audits, social engineering, and cloud security, with a global rank of #10,160,412 and 990 monthly website visits.
Kudelski Security
Cybersecurity company based in Phoenix, Arizona, providing penetration testing and threat exposure management services; explicitly lists penetration testing as part of its offerings, with a focus on proactive security testing and vulnerability identification.
State of Arkansas
Government agency in Arkansas with 1,278 employees, founded in 1836; provides public sector services including cybersecurity, with official website arkansas.gov. Offers penetration testing and vulnerability scanning services; based in Arkansas, United States.
Discloze
Cybersecurity company specializing in penetration testing and collaborative security; 6 employees with 66.7% YoY growth; headquartered in Los Angeles, California, USA; offers vulnerability assessments, risk management, and advanced security practices to enhance digital security.
eSecurity Solutions
Cybersecurity service provider based in Irvine, California; offers GRC, managed security, cyber insurance, and penetration testing services including red team and continuous testing.
Stop wasting time on security questionnaires
ResponseHub uses AI to automate your security questionnaire responses. 100% confidence, save days, unblock deals.
Infoguard Cyber Security
California-based cybersecurity company with multiple offices in San Jose and Irvine; specializes in penetration testing services, including vulnerability assessments and ethical hacking, as evidenced by dedicated website content on pentest benefits and security loophole identification.
Palo Alto Networks
Private cybersecurity company specializing in computer and network security; 13,033 employees (+11.2% YoY), $9.6B revenue, $105.1B market cap, headquartered in Santa Clara, CA; offers penetration testing via Unit 42, including attack simulations and vulnerability testing; competes with Fortinet, Forcepoint, Zscaler.
Maqware Corporation
IT Services and IT Consulting company specializing in cybersecurity, penetration testing, and compliance; based in San Ramon, California, with 11-50 employees, founded in 2008, providing top-tier security solutions and extensive compliance expertise.
Tevora
Business consulting firm specializing in cybersecurity, risk, and compliance; provides penetration testing, network, and internal security assessments; 136 employees, $37.9M revenue, founded 2003, Irvine, CA, USA.
Acalvio Technologies
Cybersecurity company specializing in cyber deception technology; headquartered in Santa Clara, CA, with a focus on advanced threat defense and red teaming services, leveraging deception for early threat detection and attack simulation.
Anitian
Private computer and network security company specializing in compliance automation and advisory services for FedRAMP; 35 employees, $60M revenue, founded 2017 in Palo Alto, CA; $79M funding; offers penetration testing services including red-team assessments; known for FedFlex AI-powered compliance platform.
XeneX SOC
XeneX SOC is a cybersecurity and cloud security platform provider specializing in fully-managed Security Operations as a Service (SOCaaS); based in Los Angeles, California, with 6 employees, $10.1M annual revenue, founded in 2011, and $650K in total funding. The company offers penetration testing, vulnerability testing, SIEM, log management, and 24/7 monitoring, serving the cybersecurity market with a focus on advanced security solutions.
Advertise on pentest.fyi
You could be here!
Todyl
Cybersecurity company specializing in comprehensive network security and offensive security services; explicitly offers penetration testing and active security testing capabilities, with a focus on attack vector documentation and security exercises. Based in Denver, Colorado, USA, with 118 employees (+7.8% YoY growth), $6.5M annual revenue, and $83.8M in total funding.
Linford & Company LLP
Independent external IT auditors specializing in SOC audits, assurance services, and penetration testing; headquartered in Denver, Colorado, with a focus on cybersecurity assessments and compliance.
Sigma Technology Partners
IT services and consulting firm specializing in cybersecurity governance, risk, and compliance (GRC) platforms; provides penetration testing services with a focus on vulnerability identification and remediation; based in Washington, D.C., founded in 2009, with $14.3M annual revenue and 3 employees.
ControlPoints
Cybersecurity consulting firm specializing in audit, penetration testing, and IT solutions; 7 employees; based in Washington, DC; serving Fortune 50 and federal government clients with deep expertise in cybersecurity, risk analytics, compliance, and information assurance.
Privaxi
Privaxi is a cybersecurity firm headquartered in Miami, Florida, providing penetration testing and risk validation services. The company explicitly offers active pentest services across various platforms and technologies, emphasizing vulnerability identification through controlled, simulated attacks.
CyberMyte
CyberMyte is a Florida-based cybersecurity firm specializing in security and compliance solutions for small businesses and government contracts; they explicitly offer penetration testing services and hold certifications like CMMC and FedRAMP, serving federal agencies such as the DOD.
Ridge IT Cyber
Ridge IT Cyber is a Tampa-based private IT and cybersecurity company founded in 2014, with 24 employees and 39.3% annual growth. Recognized as America's top MSSP on the Inc. 5000 list, it offers military-grade security and managed IT services, including penetration testing with rapid 5-day reports covering network, web, mobile, cloud, wireless, and social engineering assessments. The firm specializes in cybersecurity, identity access management, and IT transformation.
A-LIGN
Cybersecurity and compliance provider based in Tampa, Florida; 572 employees, $92.2M annual revenue, $54.5M funding; specializes in cybersecurity compliance, penetration testing, and cyber risk management; offers active penetration testing and red team services, with a focus on high-quality, efficient programs.
Elevate
Business consulting and staffing firm specializing in cybersecurity, IT compliance, and audit services; based in Florida with 13 employees, $5.3M revenue, founded in 2008. Offers penetration testing services across frameworks like CMMC, ISO 27001, SOC 2, and more, with a focus on attack simulations and certification support.
Schellman
IT compliance and cybersecurity attestation provider; based in Tampa, Florida; specializes in FedRAMP assessments and offers extensive penetration testing services across multiple disciplines, including application, network, mobile, red teaming, social engineering, cloud, physical, hardware/IoT, and AI red team testing.
Input Output, LLC
Private IT & cybersecurity firm based in West Palm Beach, Florida, founded in 2018; 3 employees; $9.4M revenue; specializes in penetration testing, cybersecurity compliance, and risk management; offers services including ethical hacking, penetration testing, and security standards adherence; focused on helping businesses navigate regulations and cyber threats.
360 Advanced
Cybersecurity and compliance firm headquartered in St. Petersburg, Florida; specializes in penetration testing services including API Testing, Red Teaming, Web Application Testing, and Social Engineering to identify vulnerabilities and improve security.
ISSGLOBAL
Cybersecurity company specializing in managed security services and penetration testing; 8 employees, $3.4M revenue, founded 2001 in Boca Raton, FL; offers network, web, cloud, wireless, IoT testing, and social engineering simulations, with active, hands-on testing engagements and compliance expertise.
risk3sixty
risk3sixty is a private business consulting and services firm specializing in security, privacy, and compliance programs; offers penetration testing services as confirmed by its dedicated webpage; headquartered in Atlanta, Georgia, with 45 employees and a -13.3% YoY growth rate.
Siemba
Siemba is a cybersecurity firm based in Alpharetta, Georgia, specializing in penetration testing, vulnerability scanning, and attack surface management; with 26 employees and 17.9% YoY growth, it actively provides penetration testing services and is recognized in Gartner Hype Cycle reports.
Stop wasting time on security questionnaires
ResponseHub uses AI to automate your security questionnaire responses. 100% confidence, save days, unblock deals.
Cyberdata Pros
CyberData Pros is a cybersecurity company based in Atlanta, Georgia, specializing in security gap analysis, remediation, and compliance services. They offer penetration testing services that involve actively exploiting vulnerabilities to assess security posture, serving clients of all sizes domestically and internationally.
Coalfire
Coalfire is a cybersecurity and compliance services provider based in Chicago, Illinois, founded in 2001. With 676 employees and $200M annual revenue, it specializes in penetration testing, vulnerability assessments, FedRAMP, cloud migration, and AI risk management, serving enterprise, healthcare, and finance sectors. The company has received $9.4M in funding and is known for offensive security capabilities, including penetration testing services.
Trava Security
Cybersecurity and IT consulting company specializing in compliance, cybersecurity advisory, and penetration testing; 14 employees, $1.2M annual revenue, founded 2020 in Indianapolis, Indiana; $15M total funding, with recent partnerships and market activity; provides dedicated pentest services as a core offering.
Pratum (An HBS Brand)
Information security services firm specializing in cybersecurity solutions including penetration testing; based in Iowa, USA with $6.1M revenue, founded in 2008, and a small team of 1 employee. Pratum helps clients address security challenges through risk-based approaches, with a focus on comprehensive cybersecurity and IT risk management.
Esotericode
Cybersecurity firm specializing in penetration testing, code analysis, and secure software development; offers services including penetration testing, static/dynamic code analysis, code review, and compliance consulting (FISMA, FedRAMP, PCI, NIST); based in Frederick, Maryland, United States.
Penacity, LLC
Cybersecurity company specializing in penetration testing, compliance assessments, and security services for government and commercial clients; 6 employees, founded 2016, headquartered in Hanover, Maryland, with a focus on federal and defense industrial base sectors.
BlueSteel Cybersecurity
Maryland-based cybersecurity firm specializing in penetration testing services; offers network, application, and SaaS pentests; develops humanized compliance programs for Healthcare, Finance, Education, and Defense sectors; headquartered in Baltimore, MD.
Rogue Logics
Cybersecurity company specializing in penetration testing, threat detection, and risk assessment; offers Red Teaming, SOC Monitoring, Threat Hunting, and DFIR services; founded 2007, 2 employees, headquartered in Las Vegas, Nevada, United States.
Compass Federal Consulting
IT services and consulting company specializing in cybersecurity, risk management, and penetration testing; 5 employees with 40% YoY growth; based in Shamong, New Jersey, founded in 2011; provides security planning and compliance services for federal, healthcare, and private clients.
CBIZ Pivot Point Security
CBIZ Pivot Point Security is a private information security consulting company founded in 2000, based in Hamilton Township, New Jersey, with 12 employees and $6.6M annual revenue. They specialize in information security management systems, compliance, penetration testing, and related consulting services, serving clients needing to demonstrate security and compliance. The firm has a declining YoY growth of -31%, a web presence with 9,795 monthly visits, and is positioned within a niche market against competitors like ssc-ict and Iron Bow Technologies.
Deloitte
Global professional services firm specializing in consulting, financial advisory, risk management, and audit & assurance; based in New York, US, with 355,547 employees and $67.2B revenue; offers penetration testing and cybersecurity services, including ethical hacking and cyber attack simulations.
E Com Security Solutions
IT services and consulting company specializing in cybersecurity and compliance; 27 employees, founded 2008, headquartered in New York, USA; offers penetration testing services for networks and web applications, with categories including network penetration testing and web application penetration testing; 1,106 monthly website visits, global rank #11,587,344, employer rating 5.0/5.0.
Essendis
Cybersecurity consulting firm specializing in cloud cybersecurity and penetration testing; based in Berea, Ohio, with expertise in network and application vulnerability assessments and simulated attack testing.
Structured Communication Systems
Oregon-based IT solutions provider specializing in secure digital infrastructure and cybersecurity; offers penetration testing and security architecture design; headquartered in Clackamas, OR.
Breach Craft
Cybersecurity consulting firm specializing in penetration testing, vulnerability assessments, and virtual CISO services; 3 employees with +200% YoY growth; based in Havertown, Pennsylvania, USA; founded by seasoned cybersecurity practitioners, focusing on deep industry knowledge and innovative security solutions.
I.t. Services Group, Llc
IT Services Group, LLC is a Pennsylvania-based IT solutions provider headquartered in Media, serving the Philadelphia region for over 30 years. The company specializes in security compliance and offers penetration testing services, including vulnerability assessments and security testing for standards such as CMMC, PCI, HIPAA, and NIST.
LBMC
LBMC is a private accounting and professional services firm based in Brentwood, Tennessee, with 498 employees and $192.7M in annual revenue. Founded in 1984, it offers consulting, accounting, tax, audit, advisory, HR, staffing, security, and technology services. The firm is the largest professional services provider in Tennessee and ranks among the top 50 accounting firms nationally. It also provides penetration testing services, including external, internal, wireless, web application, and social engineering tests, as detailed on their official website.
Prescient Security
Cybersecurity company specializing in penetration testing, compliance, and web application security; 196 employees (+52% YoY growth), $23.9M revenue, founded 2018 in Nashville, Tennessee, serving over 5,000 clients worldwide.
LevelBlue
Cybersecurity company specializing in penetration testing services across IT, OT, IoT, physical, and personnel security; offers Penetration Testing as a Service with retesting and validation components; 420 employees with 115.1% YoY growth; headquartered in Dallas, Texas; recently acquired Trustwave; competes with LogRhythm, Darktrace, and FSecure.
CyberGuard
CyberGuard is a cybersecurity advisory and consulting company based in Irving, Texas, specializing in vulnerability assessment and penetration testing services; they help organizations mitigate risks and navigate cybersecurity standards.
CrowdStrike
CrowdStrike is a private cybersecurity company specializing in computer and network security, with 7,522 employees, $4.6B annual revenue, and headquartered in Austin, Texas; it has a market cap of $76.2B and $1.2B in total funding. The firm offers penetration testing services to identify vulnerabilities and security gaps, positioning itself as a leader in endpoint protection, cloud security, and threat hunting. It competes with firms like Carbon Black and McAfee, and maintains a strong digital presence with over 2.3 million monthly visits and a global rank of 16,332.
Olezka Global
IT services and consulting company based in Lakeway, Texas; 6 employees with +37.5% YoY growth; specializes in IT support, digital transformation, and cybersecurity including penetration testing; serves diverse industries with a global presence.
CybertLabs
Cybersecurity services provider based in Dallas, TX, specializing in compliance, managed security, penetration testing, and cloud protection; helps clients meet standards like NIST 800-53 and FedRAMP.
Ascent Portal
Texas-based cybersecurity firm specializing in penetration testing services; offers WISP/Pen Testing and integrated security assessments with headquarters at 1301 S. Capital of Texas Hwy, Austin, TX 78746. Provides comprehensive vulnerability testing to identify security weaknesses.
Trend Micro
Cybersecurity software development company headquartered in Irving, Texas; 4,553 employees, $1.8B revenue, private firm; provides enterprise security solutions powered by AI and threat intelligence, including attack surface management, XDR, cloud security, and penetration testing services, with active third-party and internal pentest engagements.
Trellix
Cybersecurity company specializing in threat detection and response; headquartered in Plano, Texas, with 6,000 employees; provides penetration testing services including manual assessments and automated testing via RidgeBot.
Paramify
Cybersecurity company headquartered in Lehi, Utah, offering automated compliance documentation solutions and penetration testing services; provides FedRAMP-Authorized tools and collaborates with security partners for pentest offerings.
ioSENTRIX
Cybersecurity consulting firm specializing in application security, network security, and security assessments; offers penetration testing services confirmed by dedicated web pages; 13 employees with 6.3% monthly growth; founded 2017; headquartered in Herndon, Virginia, USA.
Coalfire Federal
Cybersecurity company specializing in federal and private sector cybersecurity advisory, assessment, and penetration testing; 51 employees with 6.2% YoY growth; based in Chantilly, Virginia, providing FedRAMP ATO and federal cybersecurity services.
Sybersense
Cybersecurity consulting firm specializing in penetration testing and vulnerability management; provides services to federal and state/local government clients; 5 employees; Founded 2018; Reston, VA.
Fortreum
Cybersecurity company headquartered in Lansdowne, Virginia, providing penetration testing and offensive security services; employs specialized pentesters and red team leads, with explicit government procurement listings for penetration testing services.
Advertise on pentest.fyi
You could be here!
Vaultes
Cybersecurity firm headquartered in Ashburn, Virginia, providing penetration testing, vulnerability scans, and continuous threat monitoring; offers FedRAMP assessments and security consulting for federal and commercial clients.
SecureIT
Cybersecurity firm headquartered in Reston, VA, providing penetration testing, security assessments, and compliance advisory; offers active exploitation and simulated cyberattack services to enhance client security posture.
Conscious Networks
Managed IT services provider based in Vienna, Virginia; offers holistic technology support, including Help Desk, hardware/software support, procurement, and implementation. Provides penetration testing and cybersecurity risk assessments, emphasizing active testing and real-world attack simulations.
Data Pulse Tech
Cybersecurity firm based in Ashburn, Virginia, specializing in penetration testing and vulnerability research; offers comprehensive security assessments for networks, applications, and systems.
Anthony Timbers LLC
Anthony Timbers LLC is a private IT & cybersecurity services firm based in Herndon, Virginia, founded in 2020; with 5 employees and 42.9% YoY growth, it offers penetration testing, vulnerability assessments, network monitoring, and secure network design, serving small businesses and emphasizing compliance with HIPAA and PCI DSS standards.
Iron Bow Technologies
IT services and consulting company headquartered in Herndon, Virginia, with 603 employees and $872.1M revenue; specializes in digital transformation, cybersecurity, and IT modernization for government, healthcare, and commercial sectors; provides penetration testing services and has received industry awards.
Securitybricks, Inc.
Cybersecurity company specializing in penetration testing, offensive security, and compliance support; 14 employees; headquartered in Seattle, Washington, with a focus on cloud security, GRC, and application security services.
Rapid7
Cybersecurity company with a Danish subsidiary (CVR 38855441, Copenhagen); offers comprehensive penetration testing services including network, web, IoT, social engineering, red team, and wireless testing, focusing on simulated attack scenarios to identify vulnerabilities.
Cyber Resilience Group
Australian cybersecurity company specializing in audit readiness, compliance, and resilience; offers penetration testing services to identify security weaknesses through simulated attacks; headquartered in Melbourne, Victoria, with ABN 35676454078.
BlackBerry
Canadian cybersecurity company based in Waterloo, Ontario; specializes in secure communications, QNX embedded systems, and offers penetration testing services such as IoT security assessments, open source reviews, regulatory pentests, and adversary simulations.
ORA Consultants
Cybersecurity company specializing in penetration testing, risk assessment, and cyber defense; based in Montreal, Canada, with 5 employees, founded in 2022, offering expert security advisory and attack-simulation services.
Clarolab
IT services and consulting company specializing in development, security, and testing; provides penetration testing, source code analysis, and network security services since 2010; 62 employees; founded 2006; headquartered in Buenos Aires, Argentina.
Multinational technology company headquartered in Singapore for Asia-Pacific operations; provides penetration testing services through Google Cloud, including external/internal web app and cloud assessments, supported by Mandiant's pentest offerings.
Trend Micro
Cybersecurity software development company based in Tokyo, Japan, with 4,553 employees and $1.8B annual revenue; offers enterprise cybersecurity platform with AI and threat intelligence; provides penetration testing services via Trend Vision One Red and Purple Teaming for active security testing; competes with Avast, Mandiant, Secom.