Senior Penetration Tester
Remote
Applications have closed
SecurityScorecard
10x your security performance with the world's most powerful, AI-driven platform that identifies and eliminates cyber risk across all of your attack surfaces.
About SecurityScorecard:
Funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV, Riverwood Capital, and others with over $290 million in funding, SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 2M+ companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 16,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. This is done by measuring your and your vendors' cyber-health by assigning a security rating of "A" through "F" based on outside-in, non-intrusive data. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors.
SecurityScorecard is headquartered in NYC with over 450+ employees globally. Our culture has helped us be recognized by Inc Magazine as a "Best Workplace," "Best Places to Work in NYC" by Crain's NY, and one of the 10 hottest SaaS startups in NY for two years in a row.
Why join SecurityScorecard’s Professional Services Team?
Our teams are composed of and led by former intelligence community, law enforcement, and military cyber operators and practitioners. For each engagement we leverage our STRIKE research and intel team, the SecurityScorecard Platform, and Attack Surface Intelligence (ASI) to inform how we conduct our penetration testing, red teaming, threat emulation, incident response, or other customer-requested security assessments, advisory, or consulting.
Advantages of working with SecurityScorecard:
We understand threats, risks, and how threat actors operate. We offer end-to-end solutions to support customers for the purposes of compliance, raising the cost to adversaries, or other business outcomes. We provide specific direction with our cybersecurity and resiliency services, driven by our superior cybersecurity data, best practices, and front-line lessons learned. We provide value by showing customers where they are vulnerable and how to prioritize mitigation. The team recently expanded with the acquisition of LIFARS, a global leader in Incident Response, Digital Forensics, Penetration Testing and Ransomware Mitigation.
Whom are we looking for?
SecurityScorecard is looking for a self-motivated, creative, reliable, diligent, detail-oriented, and clever Senior Penetration Tester to join our Active Security Team to conduct penetration testing and threat emulation. This is an exciting opportunity to support and enable organizations worldwide to prepare for and combat cyber-attacks.
Responsibilities:
- Perform vulnerability assessments and penetration testing on a variety of web and mobile applications, including Active Directory and cloud environments.
- Serve as a team lead on customer engagements.
- Conduct phishing campaigns and red teaming engagements.
- Collaborate with other penetration testers and offensive security team members.
- Assist in educating clients on exploited vulnerabilities and remediation strategies to protect against future exploits or attacks.
Requirements:
- At least 4 years of related work experience in the fields of computer science, information systems, or engineering; a related degree is preferred.
- At least 3 years of experience in one or more of the following areas: penetration testing and red teaming; security testing of web and mobile-based applications; application security source code assessments.
- Strong Unix, Windows, networking, and wireless security skills and a deep understanding of networking.
- Strong technical skills related to a broad range of operating systems and databases; experience with programming in a mainstream language such as Java, C, C++, C#, ASP, .NET, Python, PowerShell, Bash or similar languages.
- Manual penetration testing experience above and beyond running automated tools is required, along with an understanding of OWASP testing guides and MITRE ATT&CK.
- Experience developing custom scripts or programs (e.g. vulnerability identification) as well as application development is a plus.
- Excellent presentation and verbal skills.
- Able to work collaboratively with a remote team.
- At least one of the networking, OS and general security certifications: CCNA / CompTIA Network+, CompTIA Security+, LPIC / CompTIA Linux+, or cloud-related certifications from AWS or Azure.
- At least one security-related certification such as the OSCP, GXPN, GPEN, OSWP, PNPT, CEH, CRTP, OSCE, CRTE or other relevant certification is desired; non-certified hires are required to become certified within 1 year from the date of hire.
- A history of published security research with assigned CVE vulnerabilities and a history of successful bug bounties and CTFs are a plus.
Benefits
We offer a competitive salary, stock options, a comprehensive benefits package, including health and dental insurance, unlimited PTO, parental leave, tuition reimbursements, and much more!
SecurityScorecard embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skillsets, ideas, and perspectives. We make hiring decisions based upon merit and do not discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.
Tags: Active Directory Application security AWS Azure Bash C CEH Cloud Compliance CompTIA Computer Science Exploits Forensics GPEN GXPN Incident response Java Linux MITRE ATT&CK Offensive security OSCE OSCP OSWP OWASP Pentesting PowerShell Python Risk management SaaS Security assessment UNIX Vulnerabilities Windows
Perks/benefits: Competitive pay Equity Health care Insurance Parental leave Unlimited paid time off