Penetration Tester - Sprocket Security Madison, WI, USA Bookmark Share Print 1176 1 12

Listing Description

As a penetration tester at Sprocket Security, you'll work on our private platform testing client networks with an open-door / continuous policy. You'll primarily work on external, internal, web app, social engineering projects. Additional services such as covert/red teaming, mobile app testing, physical, wireless, etc. will be performed.

Qualifications

Minimum:

* Two or more years of hands-on penetration testing experience.

* OSCP or equivalent skills-based certification.

* Detailed knowledge of identifying and exploiting vulnerabilities in Windows, Linux, and cloud -based systems.

* Clear and concise verbal and written skills.

* Ability to manage time efficiently while working remotely and without being micromanaged.

Preferred:

* Contributes to industry via conference talks and tools or research (show us your git repos!).

* Programming experience in Ruby, Python, Bash. Bonus (C#, JavaScript, terraform, ansible).

* Social engineering (physical, phishing, vishing) experience.

* Red team, purple team, and adversary simulation experience.

* Experience managing or working with management on security projects and teams. Bonus if CISSP certified.

* Remote work acceptable. Preferred proximity to Madison, WI

Company Benefits

* Company matched 401k (immediate eligibility, no one should have to wait to start saving)

* Unlimited time off

* Health insurance

* Work remotely (Sprocket is a remote first company)* Perform network, web application, and wireless testing methodologies at scale.

* Discover newly exploitable systems across our fleet of clients. It's fun to test that new vulnerability the day it's released!

* Build payloads and C2 infrastructure that evades defenses.

* Mimic tactics and techniques used by real-world adversaries. Show impact with post-exploitation activities.

* Perform occasional point-in-time tests and red team (covert) engagements.

* Build and perform social engineering tests at scale using the latest techniques and payloads.

* Manage our platform by conducting tasks, write findings, and work with clients to help detect and prevent.

* Develop tools and contribute to our automated infrastructure. You'll commonly program in the following languages: Ruby, Python, PowerShell, C# Bash, etc.

* Advanced usage of the following tools: Burp Suite Pro, Nessus, Metasploit, CobaltStrike, etc.

* Manage project lifecycles and present professionally to clients. Kickoff calls, debriefs, etc.

* Work closely with development teams to migrate human-driven tasks into automation. Work with AWS, Azure, terraform, ansible, and gitlab pipelines.