Listing Description
As a penetration tester at Sprocket Security, you'll work on our private platform testing client networks with an open-door / continuous policy. You'll primarily work on external, internal, web app, and social engineering projects. Additional services such as covert/red teaming, mobile app testing, physical, wireless, etc. will be performed.
Qualifications
Minimum:
* Two or more years of hands-on penetration testing experience.
* OSCP or equivalent skills-based certification.
* Detailed knowledge of identifying and exploiting vulnerabilities in Windows, Linux, and cloud-based systems.
* Clear and concise verbal and written skills.
* Ability to manage time efficiently while working remotely and without being micromanaged.
Preferred:
* Contributes to industry via conference talks and tools or research (show us your git repos!).
* Programming experience in Ruby, Python, Bash. Bonus (C#, JavaScript, Terraform, Ansible).
* Social engineering (physical, phishing, vishing) experience.
* Red team, purple team, and adversary simulation experience.
* Experience managing or working with management on security projects and teams. Bonus if CISSP certified.
* Remote work acceptable. Preferred proximity to Madison, WI.
Company Benefits
* Company matched 401k (immediate eligibility, no one should have to wait to start saving)
* Unlimited time off
* Health insurance
* Work remotely (Sprocket is a remote first company)

* Perform network, web application, and wireless testing methodologies at scale.
* Discover newly exploitable systems across our fleet of clients. It's fun to test that new vulnerability the day it's released!
* Build payloads and C2 infrastructure that evades defenses.
* Mimic tactics and techniques used by real-world adversaries. Show impact with post-exploitation activities.
* Perform occasional point-in-time tests and red team (covert) engagements.
* Build and perform social engineering tests at scale using the latest techniques and payloads.
* Manage our platform by conducting tasks, write findings, and work with clients to help detect and prevent.
* Develop tools and contribute to our automated infrastructure. You'll commonly program in the following languages: Ruby, Python, PowerShell, C#, Bash, etc.
* Advanced usage of the following tools: Burp Suite Pro, Nessus, Metasploit, Cobalt Strike, etc.
* Manage project lifecycles and present professionally to clients. Kickoff calls, debriefs, etc.
* Work closely with development teams to migrate human-driven tasks into automation. Work with AWS, Azure, Terraform, Ansible, and GitLab pipelines.
Listing Details
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: No Requirements
- Travel: Travel 25
- Telework: Full Telecommute