Penetration Tester
Sprocket Security
Posted 3 months ago
Remote, Worldwide
Mid Level / Senior
Responsibilities
- Perform web application testing using established and self-created methodologies.
- Apply network and wireless testing methodologies at scale.
- Discover newly exploitable systems across client fleets.
- Build payloads and C2 infrastructure that evade defenses.
- Mimic tactics and techniques used by real-world adversaries.
- Show impact with post-exploitation activities.
- Manage the platform by conducting tasks, writing findings, and collaborating with clients.
- Build scripts, tooling, or templates to improve testing efficiency.
- Utilize advanced tools like Burp Suite Pro, Nessus, and Metasploit.
- Manage project lifecycles and present findings to clients.
- Work closely with development teams to automate human-driven tasks.
- Engage with AWS, Azure, Terraform, Ansible, and GitLab pipelines.
Requirements
- Three or more years of hands-on penetration testing experience.
- One or more years of hands-on web application penetration testing experience.
- Detailed knowledge of identifying and exploiting vulnerabilities in Windows, Linux, and cloud-based systems.
- Programming experience in Ruby, Python, and Bash; bonus for C#, JavaScript, Terraform, Ansible.
- One publicly available contribution to the security community.
- Clear and concise verbal and written communication skills.
- Must be a United States resident.
- OSCP or equivalent skills-based certification is mandatory or must be obtained within 12 months.
- Adversary Simulation experience is preferred.
- Experience managing or working with management on security projects and teams is a bonus.
Benefits
- Unlimited and mandatory PTO for a healthy work/life balance.
- Company matched 401k with immediate eligibility.
- 75% company contribution for health insurance for employees and 50% for dependents.
- 100% company contribution for dental and vision insurance.
- Flexible work schedule focused on results rather than fixed hours.
- Choice of hardware and tools.
- Support for career development with paid training, conferences, and certifications.