Senior Penetration Tester
Sprocket Security
Company Mission - Our mission is to help secure as many companies as possible, by using the best way of doing so, penetration testing. Sprocket Security prioritizes offensive security for enterprises, empowering them to build robust defense strategies based on individual business risk.
How - At Sprocket Security, we've built an expert-driven Continuous Penetration Testing platform that blends cutting-edge automated and manual testing methods.
Your Mission - You will be part of our passionate and innovative Service Delivery team, simulating real-world cyber-attack tactics, techniques, and procedures (TTP). We look for risks and security vulnerabilities utilized by real-world hackers. You will be part of this mission. Come and further your career at Sprocket Security.
Responsibilities:
- Perform network, web application, and wireless testing methodologies at scale.
- Discover newly exploitable systems across our fleet of clients. It's fun to test that new vulnerability the day it's released!
- Build payloads and C2 infrastructure that evades defenses.
- Mimic tactics and techniques used by real-world adversaries.
- Show impact with post-exploitation activities. Perform occasional point-in-time tests and red team (covert) engagements.
- Build and perform social engineering tests at scale using the latest techniques and payloads.
- Manage our platform by conducting tasks, write findings, and work with clients to help detect and prevent.
- Develop tools and contribute to our automated infrastructure. You'll commonly program in the following languages: Ruby, Python, PowerShell, C# Bash, etc.
- Advanced usage of the following tools: Burp Suite Pro, Nessus, Metasploit, CobaltStrike, etc.
- Manage project lifecycles and present professionally to clients. Kickoff calls, debriefs, etc.
- Work closely with development teams to migrate human-driven tasks into automation.
- Work with AWS, Azure, terraform, ansible, and gitlab pipelines.
Requirements:
Minimum:
- Degree (Graduate or a Senior) in Cybersecurity, Computer Science or Information
- Four or more years of hands-on penetration testing experience.
- Red team, purple team, and adversary simulation experience.
- OSCP or equivalent skills-based certification mandatory.
- Detailed knowledge of identifying and exploiting vulnerabilities in Windows, Linux, and cloud -based systems.
- Social engineering (physical, phishing, vishing) experience.
- Programming experience in Ruby, Python, Bash. Bonus (C#, JavaScript, terraform, ansible).
- Clear and concise verbal and written skills.
- United States resident
Preferred:
- Has industry involvement by contributes research, open-source projects, or public speaking
- Experience managing or working with management on security projects and teams. Bonus if CISSP certified.
- Remote work acceptable.
- Preferred proximity to Madison, WI
Benefits:
- Company matched 401k (immediate eligibility, no one should have to wait to start saving)
- Unlimited and mandatory PTO for healthy work/life balance
- 50% company contribution for health insurance for employees and family plans
- 100% company contribution for dental and vision
- Work remotely (Sprocket is a remote first company)
- 10% travel max. Family first culture.
- Dedicated research and development time (30-40%)