There are quite a few places out there that can do IR remotely, or come to you site. There are two ways to do it, a white hat way, in which you give them some of your information and then they test out your network. The other way, which is more expensive is the black hat way, in which they try to penetrate your site with just the knowledge that they acquire. Now, they are going to want, and they should, get in writing, permission to “hack”, penetrate your network in the event that someone else, maybe an insider, does something and they are not to be blamed.
Here are a few sites that I often read their articles:
The last two are excellent for information to keep up on current technical events, but you still have a ways to go. Good luck in your search.