Hacker News

NCC Group is probably the biggest name because they go around Hoovering up companies that are usually above average in the competencies you asked about. And they can attract and retain talent.

Trail of Bits is another big name because they hire and retain talent across a large number of enterprise, emerging tech, and research verticals.

Other established firms include Atredis Partners, IOActive, and Security Innovation. There are more one could list.

Sometimes these companies work with partners who ask to publicly disclose some artifact resulting from the test. Here is a collection of those reports aggregated by firm: https://github.com/juliocesarfort/public-pentesting-reports (Edit: note this is not a great way to evaluate any particular company, but it does provide an objective listing of companies that exist in the pentesting space).

Each firm will also have variability in their personnel for your project, which can yield different results for two independent tests on the same target from the same firm.


