Senior Pentester

November 21

Apply Now

Receive Emails with Similar Jobs

Synack, Inc.

WebsiteLinkedInAll Job Openings

Synack is the premier security testing platform harnessing a vetted community of the world’s most talented security researchers to deliver continuous penetration testing and vulnerability management. We help our customers build and augment their security testing capabilities and capacity to deliver transformational results—better than traditional pentesting methods. We are committed to reducing cybersecurity risk for our customers by bridging the cybersecurity talent gap and giving organizations on-demand access to the most trusted network of researchers in a secure way, all on one platform.

201 - 500 employees

📋 Description

• Participate in discussions with clients to learn about their environment and applications, learn about what they want tested, agree upon scope and Rules of Engagement, and organize test schedules. • Conduct independent and collaborative penetration tests across infrastructure, web applications, mobile platforms, APIs, and cloud environments • Design and execute test plans simulating real-world adversarial behavior • Identify, exploit, and document vulnerabilities with technical detail, reproducible steps, and business impact analysis • Write professional reports including technical results, risk ratings, and mitigation recommendations • Translate technical findings into business impact and recommendations for security hardening. • Track evolving TTPs, zero-day research, and attack surface changes relevant to client environments

🎯 Requirements

• Experience aligning engagement reporting with the MITRE ATT&CK framework. • Experience briefing engagement results to “C-suite” and executive level federal employees. • A Red Team specific certification such as the CRTO or GRTP. • 2+ years of experience performing adversary emulation against commercial or federal environments. • 5+ years of experience penetration testing in one or more of these areas: Active Directory, web application, host, cloud, ICS/SCADA • Proven experience in bypassing industry WAF (e.g. Akamai, Cloudflare, F5). • Proven experience in post-exploitation techniques (e.g. lateral movement, evasion, persistence, etc.). • Experience with various command and control (C2) frameworks such as Cobalt Strike, Sliver, Merlin, etc. • Familiarity with common cloud security vulnerabilities and exploit vectors (e.g. common misconfigurations, etc.). • Experience with both assumed breach scenarios and scenarios where breaching the perimeter is required. • Excellent written and verbal communication skills. • Strong understanding of vulnerability classes (e.g., OWASP Top 10, CWE Top 25) and exploitation techniques • Experience with threat modeling methodologies: PASTA, TRIKE, STRIDE • Scripting or automation in Python, Bash, or PowerShell • Strong communication and technical documentation skills • Experience scoping penetration testing engagements • Experience briefing engagement results to different customer levels • Experience classifying vulnerabilities using CVSS • At least one advanced industry certification, i.e. OSCP, OSWE, OSEP. • Candidates must be US citizens.

🏖️ Benefits

• Company benefits include health insurance and retirement plans • Equity may be included in the compensation package