Base Salary
$160k - $230k/yr
Responsibilities
- Perform penetration tests of web apps, APIs, backend services, cloud infrastructure, and corporate networks.
- Conduct threat emulation exercises, red-team scenarios, and targeted attack simulations.
- Assess CI/CD pipelines, IAM configurations, and internal services for exploitable weaknesses.
- Lead offensive security initiatives and serve as the organization’s primary expert for AppSec and enterprise pentesting.
- Track emerging threats, techniques, and vulnerabilities relevant to cloud and enterprise environments.
- Develop custom exploits or proof-of-concepts as needed to validate findings.
- Work with development, infra, and IT teams to validate controls and guide effective remediation.
- Provide actionable risk assessments from an attacker’s perspective.
- Contribute offensive insights to secure system design guidance.
- Assist with code review and threat modeling for software components when offensive insights are needed.
Requirements
- 5+ years of hands-on offensive security experience (AppSec, cloud, or enterprise penetration testing).
- Demonstrated experience leading complex penetration tests for web apps, APIs, and cloud platforms.
- Strong proficiency in offensive tooling (Burp Suite, Nmap, Metasploit, proxy tools, etc.) and manual testing techniques.
- Familiarity with cloud-native attack vectors (AWS/Azure/GCP).
- Proficiency in at least one scripting or exploitation-oriented language (Python, Go, JavaScript, etc.).
- Strong analytical and problem-solving skills with an attacker’s mindset.
- Ability to explain complex technical vulnerabilities to a range of audiences.
Benefits
- Compensation package includes equity and robust benefits.
- High-quality company-subsidized healthcare, disability and life insurance.
- 401(k) retirement planning and flexible PTO.
- Free on-site catered meals.
