Senior Pentester

Synack

Synack

Remote
Posted 6+ months ago

At Synack, we create technology that unleashes the best cybersecurity talent to secure our digital world.

We protect leading global organizations by reducing companies’ security risk and increasing their resistance to cyber attack. How do we do this? By utilizing the world’s best and most trusted team of ethical hackers who test through our powerful and controlled platform to deliver real security without compromise.

Backed by top-tier venture capital firms including Kleiner Perkins Caufield & Byers, Microsoft, and Google Ventures, Synack's mission is to leverage global security talent coupled with advanced technology to help enterprises discover security vulnerabilities before they become business problems. Discover the possibilities at Synack!

We are looking for a talented penetration tester with experience in various types of offensive security engagements to help us establish and build a new team within Synack. Since the team is new and will start small, we are seeking candidates with a variety of skills who are looking to collaborate with one another and pick up things that they haven’t already mastered on the fly.

Please note: This is a remote position based in the U.S. Due to federal government contract requirements, we can only hire U.S. citizens for this position.

Sounds interesting? Keep reading...

Here’s what you'll do

  • Participate in discussions with clients to learn about their environment and applications, learn about what they want tested, agree upon scope and Rules of Engagement, and organize test schedules.
  • Create detailed technical reports describing vulnerabilities that are found, how they were found, how you exploited them, and how a customer should remediate them.
  • Produce executive summary reports that communicate business risk of the vulnerabilities that you identify and the importance of prioritizing remediation.
  • Assist customers that have questions about our remediation advice.
  • When not actively engaged on a pentest, assist the Vuln Ops team with triage and adjudication of vulnerabilities submitted by the Synack Red Team against our customer’s assets.

Here’s what you’ll need

  • Experience aligning engagement reporting with the MITRE ATT&CK framework.
  • Experience briefing engagement results to “C-suite” and executive level federal employees.
  • At least one of the following industry certifications: eCPTX, eWPTX, or OSCP.
  • A Red Team specific certification such as the CRTO or GRTP.
  • 5+ years of experience performing red teaming against enterprise environments.
  • 5+ years of experience penetration testing Active Directory environments.
  • 5+ years of experience in web application penetration testing.
  • Proven experience in bypassing industry WAF (e.g. Akamai, Cloudflare, F5).
  • Proven experience in post-exploitation techniques (e.g. lateral movement, evasion, persistence, etc.).
  • Experience with various command and control (C2) frameworks such as Cobalt Strike.
  • Familiarity with common cloud security vulnerabilities and exploit vectors (e.g. common misconfigurations, etc.).
  • Experience with both assumed breach scenarios and scenarios where breaching the perimeter is required.
  • Excellent written and verbal communication skills.
  • Candidates must be US citizens.

Bonus Points

  • Experience in secure coding (OSWE, etc.).
  • Basic proficiency in scripting languages (Python, Bash, etc.).
  • Experience in table top exercises, threat emulation, attacking industrial control systems (ICS), or wireless penetration testing.
  • Ability to obtain or current United States Government Security Clearance.
  • Success in bug bounty / crowdsourced penetration testing.
  • Published CVEs.
  • Public responsible disclosure acknowledgements.
  • Experience presenting research at industry conferences.
  • Tool development - personal or published for the community.
  • Experience competing in CTF challenges.
  • Experience using the CVSS framework.
  • IoT/Hardware testing experience.
  • Experience in containerization breakouts.

Ready to join us?

Synack is committed to embracing diversity. Our people are our strength. Each addition to our team is an opportunity to grow and diversify our ideas, experiences, and viewpoints. We strive to be inclusive of Race, Ethnicity, Religion, Sex, LGBTQ+, Veterans, Disabilities, and Age. Synack welcomes you!

As a candidate, Synack cares about your privacy. Please view our candidate privacy policy here.

$125,000 - $185,000 Salary is determined by a combination of factors including location, level, relevant experience, and skills. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. The compensation package for this position may also include equity, and benefits.

For more details about our
benefits, please see here. Then for the Employer code, enter: synack