Security Analyst - Synack San Mateo, California, United States

Listing Description

At Synack, we create technology that unleashes the best cybersecurity talent to secure our digital world.


We protect leading global organizations by reducing companies’ security risk and increasing their resistance to cyber attack. How do we do this? By utilizing the world’s best and most trusted team of ethical hackers who test through our powerful and controlled platform to deliver real security without compromise.


Backed by top-tier venture capital firms including Kleiner Perkins Caufield & Byers, Microsoft, and Google Ventures, Synack's mission is to leverage global security talent coupled with advanced technology to help enterprises discover security vulnerabilities before they become business problems. Discover the possibilities at Synack!


As a member of our Vulnerability Operations team, you will validate and evaluate vulnerabilities found by the best hackers in the world, reporting these threats in real time to our customers. If you would like to join a cutting-edge team in cybersecurity fighting to stop the bad guys, keep reading...


Here’s what you'll do



  • Validating results - Validate the vulnerabilities discovered by the Synack Red Team by replaying researcher-provided proof-of-concept exploits against our clients’ targets, ensuring we deliver high-quality, actionable vulnerability reports to our clients

  • Technical Communication - Interface with our crowd of hackers, the Synack Red Team, to ensure alignment between their efforts and the security needs of our customers

  • Client Communication - Be the InfoSec technical expert while assisting internal stakeholders during client communication, ensuring security assessments run smoothly and exceed our client’s expectations


Here’s what you’ll need



  • A Bachelor’s degree in Computer Science or a related field, or equivalent work experience, is not a requirement but may help.

  • 2+ years of experience as a Penetration Tester, Vulnerability Management, Incident Response or a similar role. Web application penetration testing experience is the most applicable experience for being successful at this role.

  • Knowledge of web applications and vulnerabilities along with standard mitigation strategies.

  • Strong analytical and problem solving abilities to assess the severity and impact of reported vulnerabilities.

  • Ability to analyze exploitability and potential risks associated with each vulnerability.

  • Exceptional attention to detail to accurately validate and proofread vulnerability reports.

  • Familiarity with security tools and software used in vulnerability assessments and penetration testing (e.g. Burp Suite, SQLMap, Frida, Metasploit).

  • Familiarity with industry standards and organizations such as CVSS, MITRE ATT&CK, OWASP.

  • A commitment to staying up to date with the latest security threats, vulnerabilities and industry best practices.

  • Awareness of cultural differences and the ability to interact respectfully with researchers from diverse backgrounds.

  • Ability to handle unexpected challenges.

  • Strong ethical principles and the ability to handle sensitive information responsibly and confidentially.

  • Effective time management skills to handle a large volume of reports and prioritize them appropriately.

  • Interpersonal skills to build and maintain positive working relationships with researchers, co-workers and clients.

  • Due to our need to support our United States Federal Government contracts, candidates must be citizens of the United States.


Here's how to get some cool points!



  • Offensive Security certifications, Burp Suite Certified Practitioner or any penetration testing focused certifications are a plus

  • Bug bounty experience is a plus


Yes, there will be a pop quiz!


All candidates that advance to the technical portion of the interview process must be prepared to take a basic technical assessment to demonstrate practical application of required skills. The technical portion will be conducted after the verbal technical interview. Here is how you can know if you are prepared:



  • Have the right tools for the job!

    • Burp Suite (any), or a similar proxy tool such as ZAP, fully working and configured with your browser.

    • Browser Inspect and/or debugger



  • Be prepared to share your screen.

  • Be prepared to describe your methodology and thought process as you work through the challenges in real-time.

  • Be able to demonstrate proper enumeration and testing processes.

  • Be able to demonstrate a working knowledge of the tools being used.


Ready to join us?


Synack is committed to embracing diversity. Our people are our strength.  Each addition to our team is an opportunity to grow and diversify our ideas, experiences, and viewpoints. We strive to be inclusive of Race, Ethnicity, Religion, Sex, LGBTQ+, Veterans, Disabilities, and Age.  Synack welcomes you!


As a candidate, Synack cares about your privacy. Please view our candidate privacy policy here.


$70,000 - $115,000 Salary is determined by a combination of factors including location, level, relevant experience, and skills. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. The compensation package for this position may also include equity, and benefits.

For more details about our benefits, please see here. Then for the Employer code, enter: synack

