
Senior Penetration Tester
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Conduct penetration tests on web applications, APIs, and mobile platforms, emphasizing manual testing methods that go beyond automated scans — focusing on business logic, authentication exploitation, authorization vulnerabilities, and injection sequences.
• Perform assessments of internal and external networks, as well as assumed breach scenarios, which include Active Directory enumeration, lateral movement, privilege escalation, and post-exploitation activities.
• Utilize frameworks such as MITRE ATT&CK, PTES, and OWASP to organize assessments and document findings.
• Create and enhance internal tools — including automation scripts, reporting utilities, and improvements to workflows using languages like Python, Bash, or similar.
• Engage in QA review cycles, offering structured feedback on findings, accuracy of CVSS scoring, and overall report quality.
• Mentor junior testers by providing technical guidance and reviewing their findings.
• Work collaboratively with delivery leadership on project scoping, client kickoff meetings, and providing remediation advice.
• 3–5 years of professional experience in penetration testing within a consulting or delivery environment.
• Strong foundational knowledge in web application and API testing — proficiency in Burp Suite, understanding of the OWASP Top 10 and beyond, as well as testing for authentication and session management.
• Solid skills in internal network assessments — including AD enumeration, Kerberoasting, NTLM relay, ADCS misconfigurations, and experience with assumed breach methodologies.
• Proficient in scripting and automation using Python, PowerShell, or Bash.
• Excellent written communication skills — able to independently write clear, precise, and well-scoped findings.
• Familiarity with PTaaS delivery models or platform-based reporting workflows is advantageous.
• Must be based in the US and eligible to work without sponsorship.
• Competitive salary along with performance-based equity opportunities.
• Flexible working hours with options for hybrid remote work.
• Opportunity to collaborate with international experts in cybersecurity.
• Strong potential for career advancement in a rapidly growing early-stage company.
• Exposure to innovative research, tools, and techniques in offensive security.