Penetration Tester

This is a fully remote position, open to applicants in United States.

📋 Description

• You are a penetration tester skilled in navigating source code.

• You have legally explored applications and compromised networks.

• Your enthusiasm for hacking and information security drives your work.

• In collaboration with our teams based in the US and internationally, you will support clients across various industries.

• At Bishop Fox, your role will involve testing web applications, infiltrating networks, and reverse engineering software.

• As a consultant, you will engage in a diverse range of projects, including both short-term assignments and long-term collaborations with established clients.

• You will tackle complex technical challenges and devise innovative solutions.

• As a trusted advisor, you will offer your expertise to assist clients in navigating challenging business decisions.

⛳️ Requirements

• Over 4 years of experience in planning, executing, and overseeing web application penetration tests.

• More than 5 years of experience in application security.

• A solid grasp of security principles (OWASP), prevalent vulnerabilities, and best practices in application security.

• Proficient in vulnerability assessment and the creation of exploits for a variety of targets.

• A background in system and network security, authentication, security protocols, and applied cryptography is advantageous.

• Familiarity with programming and scripting languages such as Python, Ruby, PowerShell, Java, JavaScript, etc.

• Experience in reviewing Golang source code for vulnerabilities is a plus.

• Proficient with operating systems including Linux, Windows, and MacOS.

• Experience with network and system exploitation, including modern tactics, techniques, and procedures (e.g., C2 frameworks, EDR bypass, privilege escalation, password cracking, lateral movement, etc.).

• Strong skills in technical reporting and documentation.

• Advanced academic qualifications, such as a degree in Computer Science or an OSCP, are highly desirable.

• Preferred experience with AWS cloud environments, including an understanding of key technologies like IAM, EC2, VPC, EBS, S3, CloudWatch, and Lambdas, along with securing them.

• Secondary expertise in one or more of the following areas is preferred: Cloud Security Assessments, Mobile Application Security Testing, Hybrid Application Assessments, or AI/LLM Security Assessments. You should be able to communicate technical findings effectively to both technical and executive stakeholders, including providing actionable remediation guidance.

🏝️ Benefits

• Our extensive benefits program is designed to meet your needs at a competitive price.

• We promote diversity and foster an inclusive culture.

• We value our employees and their individuality, which cultivates a strong and collaborative talent pool.