Penetration Tester
Responsibilities
- Perform web application testing across a large and diverse client base, using established methodologies and creating your own.
- Apply network and wireless testing methodologies at scale from time to time.
- Discover newly exploitable systems across our fleet of clients. It's fun to test that new vulnerability the day it's released!
- Build payloads and C2 infrastructure that evade defenses.
- Mimic tactics and techniques used by real-world adversaries.
- Show impact with post-exploitation activities.
- Manage our platform by conducting tasks, writing findings, and working with clients to help detect and prevent.
- Build scripts, tooling, or templates to improve personal testing efficiency and contribute ideas for future automation in the platform. You'll commonly program in the following languages: Ruby, Python, PowerShell, C#, Bash, etc.
- Advanced usage of the following tools: Burp Suite Pro, Nessus, Metasploit, CobaltStrike, etc.
- Manage project lifecycles and present professionally to clients (kickoff calls, debriefs, etc.).
- Work closely with development teams to migrate human-driven tasks into automation.
- Work with AWS, Azure, Terraform, Ansible, and GitLab pipelines.
Requirements
- Minimum:
  - Three or more years of hands-on penetration testing experience.
  - One or more years of hands-on web application penetration testing experience.
  - Detailed knowledge of identifying and exploiting vulnerabilities in Windows, Linux, and cloud-based systems.
  - Programming experience in Ruby, Python, Bash. Bonus (C#, JavaScript, Terraform, Ansible).
  - One publicly available contribution to the security community (e.g., open-source tool or code on GitHub, published blog posts, conference talk, podcast, research paper, etc.).
  - Clear and concise verbal and written skills.
  - United States resident.
- Preferred:
  - OSCP or equivalent skills-based certification mandatory, or will need to obtain within 12 months of employment.
  - Adversary Simulation experience.
  - Industry involvement through contributing research, open-source projects, or public speaking.
  - Experience managing or working with management on security projects and teams. Bonus if CISSP certified.
  - Remote work acceptable.
  - Preferred proximity to Madison, WI.
Benefits
Additional Information
Company Mission - Our mission is to help secure as many companies as possible by using the best way of doing so: penetration testing. Sprocket Security prioritizes offensive security for enterprises, empowering them to build robust defense strategies based on individual business risk.
How - At Sprocket Security, we've built an expert-driven Continuous Penetration Testing platform that blends cutting-edge automated and manual testing methods.
Your Mission - You will be part of our passionate and innovative Service Delivery team, simulating real-world cyber-attack tactics, techniques, and procedures (TTPs). We look for risks and security vulnerabilities utilized by real-world attackers, and you'll contribute directly to uncovering and explaining them. This role is ideal for an individual who wants to deepen their craft, learn continuous testing at scale, and grow in their career.