Jobs · Information Technology

Senior Penetration Tester (US)

BreachLock, Inc. · United States · 1 mo ago
RemoteRemoteInformation TechnologyFull-time

Key Responsibilities

  • Execute web application, API and mobile penetration tests with a focus on manual testing beyond automated scanning — business logic, authentication abuse, authorization flaws, and injection chains
  • Conduct internal network assessments, external network assessments and assumed breach engagements, including Active Directory enumeration, lateral movement, privilege escalation, and post-exploitation
  • Leverage frameworks including MITRE ATT&CK, PTES, and OWASP to structure assessments and findings
  • Develop and contribute to internal tooling — automation scripts, reporting utilities, and workflow improvements using Python, Bash, or similar
  • Participate in QA review cycles, providing structured feedback on findings, CVSS scoring accuracy, and report quality
  • Mentor junior testers through technical guidance and finding review
  • Collaborate with delivery leadership on scoping, client kickoff calls, and remediation guidance

Requirements

  • 3-5 years of professional penetration testing experience in a delivery or consulting context
  • Strong web application and API testing fundamentals — Burp Suite proficiency, OWASP Top 10 and beyond, authentication and session management testing
  • Solid internal network assessment skills — AD enumeration, Kerberoasting, NTLM relay, ADCS misconfigurations, assumed breach methodology
  • Proficiency in scripting and automation (Python, PowerShell, Bash)
  • Strong written communication — capable of writing clear, accurate, well-scoped findings independently
  • Familiarity with PTaaS delivery models or platform-based reporting workflows is a plus

Preferred Experience

  • With C2 frameworks (Cobalt Strike, Havoc, Sliver, or similar)
  • Active involvement in cybersecurity communities, research, or bug bounty programs
  • Certifications such as OSCP, BSCP, CRTO, GWAPT, GPEN, or equivalent practical credentials
  • Experience with SIEM platforms or EDR tools from an adversarial perspective

Similar jobs

Senior Penetration Tester

Accenture Federal ServicesArlington, VA· Yesterday
Information Technology$106k–$221k/yrapply on boards.greenhouse.io

Senior Penetration Tester

SchellmanUnited States· 3 wk ago
RemoteInformation Technologyapply on schellman.wd504.myworkdayjobs.com