Find a pentest company with SOC 2 Type 2
76 companies have this certification
SOC 2 Type 2 Certification
Origin
SOC 2 (System and Organization Controls 2) was developed by the American Institute of Certified Public Accountants (AICPA) and introduced in 2011 as part of their Service Organization Control reporting framework. It was created to address the growing need for standardized security auditing as businesses increasingly moved their data and operations to third-party cloud service providers. The AICPA recognized that traditional financial auditing standards were insufficient for evaluating the security practices of technology service providers, prompting the development of SOC 2 to assess controls related to security, availability, processing integrity, confidentiality, and privacy based on their Trust Services Criteria.
Industry Importance
SOC 2 Type 2 certification is highly valued because it provides independent verification that a service provider has implemented and maintained effective security controls over a specified period (typically 6-12 months), rather than just at a single point in time like Type 1. This certification has become an essential requirement for vendors handling sensitive customer data, as it demonstrates to clients and stakeholders that robust security measures are consistently in place. Many enterprises now require SOC 2 Type 2 reports from their vendors as part of their third-party risk management programs, making it a competitive necessity for SaaS companies, cloud providers, and data processors seeking to build trust and win business with security-conscious organizations.
Clear Winds Technologies
Alabama-based IT services provider specializing in managed IT, VoIP, cabling, and IT projects; offers penetration testing including external and internal assessments, with over 20 years of industry experience.
Mainstream Technologies
Cybersecurity company headquartered in Little Rock, Arkansas; provides penetration testing (pen test/ethical hacking) services with a focus on simulated attack assessments and security testing.
State of Arkansas
Government agency in Arkansas with 1,278 employees, founded in 1836; provides public sector services including cybersecurity, with official website arkansas.gov. Offers penetration testing and vulnerability scanning services; based in Arkansas, United States.
Cybereason
Cybereason is an American cybersecurity technology company founded in 2012, headquartered in La Jolla, California; it specializes in AI-driven XDR platforms, threat detection, incident response, and offensive security services including penetration testing and red team exercises. The company was acquired by LevelBlue in November 2025 and maintains a global presence with offices worldwide.
Generation IX Technologies
Generation IX Technologies is a California-based IT services and consulting company founded in 1996, with 28 employees and $32.2M revenue. They provide managed IT, cybersecurity, breach response, and penetration testing services, including attack simulations and ethical hacking, primarily serving small and medium businesses in Los Angeles. The firm has a global web presence with 3,055 monthly visits and a ranking of #4,528,118.
Picus Security
Cybersecurity company specializing in breach and attack simulation (BAS) and security validation; 229 employees with 27.2% YoY growth, $85M annual revenue, founded in 2013, headquartered in San Francisco, CA; supports penetration testing and red teaming activities, with $78M in funding.
Anvaya Solutions
Cybersecurity consulting firm specializing in penetration testing, security program development, and continuous improvement; based in Folsom, California, with verified headquarters in the US.
Stop wasting time on security questionnaires
ResponseHub uses AI to automate your security questionnaire responses. 100% confidence, save days, unblock deals.
Gecko Security
Cybersecurity firm based in San Francisco, CA; specializes in detecting business logic flaws and multi-step vulnerabilities that traditional SAST tools overlook; offers penetration testing and attack simulation services to identify security weaknesses.
Vectra AI
Cybersecurity AI company based in San Jose, California; provides attack simulation, cyber-range, exposure assessment, and security testing tools like Halberd; specializes in proactive threat detection and penetration testing equivalents.
CloudDefense.AI
Cybersecurity company specializing in cloud and application security; headquartered in Palo Alto, CA; offers penetration testing and red teaming services, emphasizing offensive security capabilities.
CyberProof
CyberProof is a cybersecurity firm based in Aliso Viejo, California, specializing in threat-led defense platforms that deliver comprehensive visibility, tailored threat insights, and ongoing optimization to mitigate enterprise risk. The company explicitly provides penetration testing services to proactively identify vulnerabilities and manage cyber threats.
Gosecure
Cybersecurity company providing 24/7 managed detection, response, and penetration testing services; headquartered in La Jolla, California, with dual presence in Montreal; specializes in active security testing, ethical hacking, and red-team activities.
Cyvatar
Cyvatar is a private cybersecurity company based in Irvine, California, specializing in cybersecurity management, vulnerability detection, and risk remediation; it provides penetration testing services as part of its offerings, with 19 employees, $4.2M revenue, and $12M in funding.
Cyberix, Inc.
Cyberix, Inc. is a private cybersecurity firm based in Aurora, Colorado, founded in 2024 with 4 employees. The company provides advanced cybersecurity, managed IT services, and technology consulting, with core expertise in penetration testing, network security, cloud infrastructure, and compliance solutions, serving organizations of all sizes.
Advertise on pentest.fyi
You could be here!
Elevate Services Group
Colorado-based IT services company specializing in managed IT support and cybersecurity; offers penetration testing, vulnerability scans, and active security testing to identify vulnerabilities and prevent intrusions.
Blackpoint Cyber
Cybersecurity company specializing in network security, threat neutralization, and managed detection and response (MDR); offers penetration testing services as part of its security solutions; 157 employees (+7.1% YoY growth); $39.8M annual revenue; founded in 2014; headquartered in Denver, Colorado; raised $201.4M in total funding, last round Series C in June 2023; active in threat detection, network visualization, and cyber defense.
Beazley Security
Cybersecurity company specializing in cyber risk management, penetration testing, and incident response; 127 employees (+32.8% YoY growth), $4.1M annual revenue, founded 2016, headquartered in West Hartford, Connecticut. Offers comprehensive penetration testing, digital forensics, breach response, and regulatory compliance services, with a focus on enhancing client cyber resilience.
UprootSecurity
UprootSecurity is a private cybersecurity firm specializing in penetration testing and vulnerability management via its PtaaS platform; 7 employees with 16.7% YoY growth, founded in 2024 in Wilmington, Delaware. The company focuses on reducing breach risk through compliance automation, combining technology and human expertise, and operates in categories including security, risk assessment, and attack surface management.
Picus Security
Cybersecurity company specializing in breach and attack simulation and automated penetration testing; headquartered in Wilmington, Delaware, USA; recognized as a leader in BAS solutions by G2 and Gartner; platform identifies vulnerabilities and guides security improvements.
Waterleaf International
Cybersecurity company headquartered in Fort Myers, FL; specializes in advanced network and cybersecurity solutions including penetration testing with certified ethical hackers and active pentest engagements.
Sentenia
Cybersecurity firm based in Coral Gables, FL; specializes in penetration testing services including network attack simulations and vulnerability assessments.
Arete
Cybersecurity company specializing in end-to-end security solutions, including incident response, ransomware mitigation, dark web monitoring, and penetration testing; 305 employees, $85M revenue, founded 2015, headquartered in Boca Raton, Florida, USA. Known for active offensive security services such as penetration testing, supported by case studies and industry resources.
UDT
Cybersecurity firm specializing in penetration testing, red team simulations, and security assessments; headquartered in Miramar, Florida, USA, with a primary focus on enterprise security solutions.
Fortuna Cysec
Cybersecurity company specializing in computer and network security; 23 employees with 208.3% YoY growth, based in Atlanta, Georgia, offering threat detection, incident response, compliance, and penetration testing services, with a focus on scalable, integrated security ecosystems.
NowSecure
Cybersecurity company specializing in mobile app security testing and risk management; 73 employees, $25.4M annual revenue, founded 2009 in Chicago, Illinois; $27.5M funding; offers penetration testing services including mobile app penetration testing and PTaaS; ranked #552,411 globally; active in industry news and social media.
Halborn
Cybersecurity firm specializing in blockchain security; headquartered in Illinois, USA; offers penetration testing, smart contract audits, and red teaming for enterprise digital assets and blockchain infrastructure.
Beyond Key
IT consulting and software development company based in Chicago, Illinois, specializing in cloud, AI, BI, and custom solutions; offers penetration testing services with active capabilities in vulnerability assessment and web application security.
Nexum, Inc.
Cybersecurity company specializing in enterprise and network security solutions; provides penetration testing, security assessments, managed security services, and professional consulting; 53 employees, $6.5M revenue, founded 2002, headquartered in Hammond, Indiana, with a focus on comprehensive security testing and consulting.
The Ame Group
Cybersecurity and managed services provider specializing in penetration testing; based in Vincennes, Indiana, with active SOC/MDR capabilities and explicit penetration testing services listed on their security offerings.
Stop wasting time on security questionnaires
ResponseHub uses AI to automate your security questionnaire responses. 100% confidence, save days, unblock deals.
Huntrix
Huntrix is a private cybersecurity firm specializing in penetration testing, security consulting, and compliance for e-commerce, SaaS, AI, and security sectors; founded in 2023, with 4 employees and 150% YoY growth, headquartered in New Orleans, Louisiana, USA. The company helps high-growth startups build secure systems through focused security services, including pentesting and red teaming, with recent media coverage involving high-profile NFL halftime show events.
Anchor Technologies, Inc.
Cybersecurity company specializing in risk management, third-party risk management, and penetration testing; 10 employees, $4.2M revenue, founded 2002, headquartered in Columbia, Maryland, US; offers comprehensive security solutions including penetration testing and compliance services.
Secure Halo
Cybersecurity company headquartered in Silver Spring, Maryland, United States; provides enterprise risk and cybersecurity solutions including penetration testing services such as external, internal, web application, social engineering, and physical testing.
Rapid7
Cybersecurity company specializing in attack surface management, vulnerability management, penetration testing, and security programs; 2,068 employees, $858.7M annual revenue, $2.5B market cap, founded in Boston, MA; offers penetration testing services to identify and remediate security weaknesses.
Cinch I.T.
Managed services provider offering unlimited nationwide IT support, cybersecurity, and penetration testing; based in Worcester, MA, serving SMBs with a focus on security and support.
SimSpace
SimSpace is a private cybersecurity firm specializing in penetration testing, red teaming, threat emulation, and cyber range services; with 150 employees (+15.5% YoY growth), $42.5M annual revenue, and $45M in total funding. Founded in 2015 and headquartered in Boston, Massachusetts, USA, it is recognized for active security testing and cyber assessment capabilities, serving a global market with a ranking of #386,964.
STACK Cybersecurity
Managed security service provider specializing in cybersecurity solutions including penetration testing; 15 employees with 42.9% YoY growth; based in Livonia, Michigan, founded in 2006, serving clients with strategic cybersecurity and IT services.
Midwest Cloud Computing
IT services and cybersecurity company based in Omaha, Nebraska, United States; provides penetration testing services to deliver actionable security intelligence; located at 10415 J St Suite 100, Omaha, NE.
Tiro Security
Cybersecurity staffing and consulting company specializing in security assessment and penetration testing; 4 employees with 14.3% growth, $3.7M revenue; based in Henderson, Nevada, founded 2012.
Mainstay Technologies
IT services company specializing in cybersecurity assessments and penetration testing; based in Manchester, NH with headquarters at 25 Sundial Ave, Suite 504W; offers security testing using simulated hacking techniques and technical assessments by security professionals.
Gotham Security, an Abacus Group Company
Cybersecurity company specializing in boutique cybersecurity services including penetration testing, threat intelligence, and compliance; 6 employees (+50% YoY growth), $3.1M revenue, founded 2013, headquartered in Princeton, New Jersey, United States.
STIG
Cybersecurity company specializing in computer and network security; 25 employees with 4.9% YoY growth, founded in 2000, based in Glen Rock, New Jersey, United States. Provides penetration testing, secure IT engineering, managed security services, and human capital solutions, with a web presence of 1,421 monthly visits and a global rank of #8,992,961.
Mindcore
Cybersecurity and IT consulting firm based in New Jersey, with multiple NJ offices; provides penetration testing services including network, web application, wireless, and social engineering assessments.
SecurityScorecard
Cybersecurity risk ratings platform provider; 374 employees (+16.2% YoY growth); $144.3M annual revenue; founded 2013; headquartered in New York, NY; offers penetration testing, supply chain risk, third-party risk management, and cyber insurance solutions; raised $292.2M in funding, last Series E in 2021; acquired HyperComply, Inc.
CyFlare
Cybersecurity solutions provider specializing in managed detection and response (MDR) with 24/7 SOC services; offers penetration testing (pentest) services confirmed by dedicated service pages and documentation; headquartered in West Seneca, NY, United States.
Port53
Cybersecurity company headquartered in New York, NY, with a focus on managed detection and response, security tool recommendations, and risk management; explicitly offers penetration testing services as part of its security offerings.
Fortress Security Risk Management
Cybersecurity firm providing penetration testing, vulnerability assessments, and managed security services; based in Cleveland, Ohio, with 36 employees and 2.1% monthly growth • Offers full-spectrum cybersecurity protection and co-managed security solutions; recent acquisitions by Fulcrum IT highlight strategic expansion.
Finite State
Cybersecurity company specializing in connected device security; provides penetration testing services for IoT and supply chain security, with detailed use cases and datasheets. Based in Columbus, Ohio, USA.
SoftServe
Software development and digital services company based in Austin, Texas; provides explicit penetration testing services including manual testing, shell security assessments, and cloud security testing.
HiddenLayer
AI security company providing noninvasive protection for AI models; 111 employees, $45M revenue, founded 2022 in Austin, TX, with $189.4M funding; specializes in automated red teaming and AI penetration testing to identify vulnerabilities.
Endurance IT
Virginia-based managed IT services provider offering support, security, staffing, and cybersecurity solutions; provides active penetration testing including network and application assessments to identify vulnerabilities and enhance security posture.
Nisos
Cybersecurity firm specializing in human risk management, digital investigations, and penetration testing; headquartered in Arlington, VA, with a focus on early threat detection and attack simulation services.
AIS Network
AIS Network is a Virginia-based private IT and cybersecurity company founded in 1993, with 10 employees and $2.8M revenue, specializing in IT modernization, multicloud hosting, and penetration testing services. Recognized on the Inc. 5000 list and a 'Best Place to Work in Virginia,' it serves sectors including government, healthcare, and finance, with core capabilities in cybersecurity, application development, disaster recovery, and cloud enablement.
.png)
Oleria
Oleria is a Washington-based security platform specializing in usage-aware identity security; it offers fine-grained, usage-aware access control for all identity types and performs regular penetration testing (at least annually) to ensure security integrity.
Applied Tech
Applied Tech is a private cybersecurity firm specializing in computer and network security, with 85 employees, $7.8M annual revenue, founded in 1999 in Madison, Wisconsin. The company explicitly discusses penetration testing services, including dedicated resources on security assessments, indicating a focus on security testing offerings.
Odyssey Cybersecurity
Cybersecurity firm based in Strovolos, Nicosia, Cyprus; provides penetration testing, vulnerability scanning, and threat management services; explicitly mentions ethical hacking, red teaming, and security audits in service offerings.
Rapid7
Cybersecurity company with a Danish subsidiary (CVR 38855441, Copenhagen); offers comprehensive penetration testing services including network, web, IoT, social engineering, red team, and wireless testing, focusing on simulated attack scenarios to identify vulnerabilities.
Orange Cyberdefense SA
French cybersecurity firm based in Paris La Défense; provides penetration testing, red teaming, and threat-led security testing services, demonstrating a focus on active defense and attack simulation capabilities.
Eleven Labs
Private IT consulting and web development firm based in Paris, France; 74 employees, founded 2011, with $158K annual revenue. Known for technical excellence and security services including penetration testing supported by a Trust Center with pentest reports. Maintains a modest online footprint with 23,429 monthly visits and a global rank of 1,079,127.
Vendito
Cybersecurity company specializing in vendor- and tool-agnostic IT security engineering; offers penetration testing services; based in Szekszárd, Hungary with 3 employees.
S.C. Orange România S.A.
S.C. Orange România S.A. is a private telecommunications provider headquartered in Bucharest, Romania, with 23 employees (+9.7% YoY growth) and over $1 billion in annual revenue. It has a strong online presence with 6.3 million monthly website visits and ranks #10,169 globally. The company explicitly offers penetration testing and security assessment services, supporting its role in cybersecurity and offensive security capabilities within the telecom sector.
Advertise on pentest.fyi
You could be here!
Cyber Security Hub®
Cyber Security Hub® is a security and investigations company providing penetration testing and security project management services; it has 9 employees, $334.2K annual revenue, founded in 2014, headquartered in Melbourne, Australia. The company specializes in offensive security services and offers a platform to streamline security testing programs, with a focus on large-scale pentests.
Parabellum
Cybersecurity consultancy specializing in penetration testing; founded 2022, 5 employees, +180% YoY growth, based in Sydney, Australia; offers comprehensive pentest services across multiple domains, serving organizations to manage cyber risks with clarity and strategic insight.
AffinityMSP
Australian IT services and consulting firm specializing in managed IT support, cybersecurity, and cloud solutions; 19 employees with 6.7% YoY growth, founded in 2019, based in Melbourne, Australia. Recognized among Australia's top MSPs, with active engagement in penetration testing and security assessment practices.
ALCiT 🍁
Canadian cybersecurity company specializing in enterprise-grade, pre-configured solutions for SMBs; offers penetration testing, self-assessment, and resilience services; 11 employees, +15.4% YoY growth, $1M-$5M revenue, founded 2009 in Mississauga, ON.
Securitech Systems - Systèmes Securitech
Cybersecurity company based in Montreal, Canada, founded in 2019; specializes in penetration testing and cybersecurity services, including red teaming; small team of 2 employees; focuses on enhancing cybersecurity for Canadian businesses; offers web and mobile security solutions.
D3COD
Cybersecurity and digital forensic consulting firm specializing in cybersecurity, information systems security, and risk management; offers penetration testing services; based in Montréal, Canada with 3 employees; founded in 2019.
F12.net
F12.net is a Canadian IT services and consulting firm specializing in managed IT, cybersecurity, and cloud solutions; 189 employees, $35.6M revenue, founded 1996, with expertise in penetration testing, ethical hacking, and attack simulation to uncover vulnerabilities.
Bulletproof, a GLI Company
IT services and consulting firm based in Canada; 211 employees, $36M revenue, founded 2001, specializes in cybersecurity including penetration testing, with recognized security excellence and active market presence.
Nuvollo
Canadian-based IT services firm headquartered in Toronto, Ontario; provides cloud ERP, security, managed IT, and consulting services; explicitly offers penetration testing (pentest) services as part of its cybersecurity offerings.
Exchange Technology Services
Canadian IT solutions provider based in Winnipeg, Manitoba; offers penetration testing services confirmed by social media and profile mentions; focuses on cybersecurity and IT support for SMBs.
NTT DOCOMO BUSINESS
Japan-based IT services and consulting company with 982 employees and $7.4B revenue; offers penetration testing, vulnerability assessments, and security testing services including TLPT and VAPT; 1.9M monthly website visits, ranked #28,208 globally; competes with Lumen, Comcast, Verizon.
Exabytes Group
Exabytes Group is a Malaysian private company specializing in computer networking products, web hosting, and digital solutions; with 154 employees, $14M revenue, founded in 2001, and headquartered in Bayan Baru, Penang. It actively provides penetration testing services, including vulnerability assessments and simulated cyberattacks, demonstrating its cybersecurity capabilities. The company is Southeast Asia’s leading AI, SaaS, cloud, digital marketing, and e-commerce solutions provider, with a strong web presence and a global market position.
Infoziant
Infoziant is an India-based IT services and consulting firm specializing in information security and vulnerability disclosure, with 48 employees, $3.2M annual revenue, and recognized for expertise in penetration testing (VAPT); founded in 2015 and headquartered in Chennai, Tamil Nadu.
IARM Information Security
Cybersecurity company based in Chennai, India, founded in 2016 with 30 employees; specializes in consulting, managed security, IoT security, and CREST-certified penetration testing for network, application, cloud, and LLM systems; offers end-to-end global security solutions with a focus on innovation and specialized pentesting capabilities.
Zoho
Zoho is a private software development company based in Chennai, India, with 14,259 employees (+20.6% YoY growth), $1.5B annual revenue, and $283.5K in funding. It offers a comprehensive cloud software suite with 55+ applications for over 100 million users, focusing on business productivity, CRM, collaboration, and security services, including penetration testing.
Qseap Infotech Pvt Ltd
Cybersecurity consulting firm specializing in penetration testing, security audits, and risk management; 266 employees with 11.5% YoY growth; founded 2011; based in India; CERT-IN empanelled, ISO 27001, SOC-2 Type2, ISO 9001 certified; offers network and web application penetration testing, red teaming, and compliance services; serves clients across India, Middle East, Southeast Asia.