Offensive Security Analyst

Job not on LinkedIn

🔥 0 minutes ago

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Sprocket Security

Sprocket Security

11 - 50 employees

🔒 Cybersecurity

☁️ SaaS

💸 Finance

Cybersecurity • SaaS • Finance

Sprocket Security is an expert-driven offensive security platform specializing in continuous security testing, penetration testing, and adversary simulations. The company focuses on providing year-round protection through persistent testing and control validation against real-world threat actors. Sprocket Security works with industries such as manufacturing, finance, banking, and insurance to strengthen security postures by identifying potential attack paths and uncovering vulnerabilities in systems through their attack surface management services. They offer a range of testing services including social engineering and web application testing to detect vulnerabilities. By integrating automation and expert penetration testers, Sprocket Security provides a comprehensive solution for monitoring and securing IT assets continuously.

📋 Description

• Triage, validate, and QA findings surfaced by Sprocket's automation. Reproduce, confirm true positives, and eliminate false positives before anything reaches a client. • Author and refine findings to client-ready quality in the Sprocket voice, and publish them through the platform. • Calibrate severity to real business impact against Sprocket's standards, judging real-world impact over theoretical. • Handle roughly 90% of findings independently and make accurate handle-versus-escalate decisions using the platform workflow, escalating the hard 10% to an Adversarial Engineer with full context attached. • Feed pattern-level signal back to R&D and the Adversarial Engineering team to tune attack automations and cut false positives at the source. You'll be one of the tightest feedback loops we have into R&D. • Log validation notes, flag false-positive patterns, and contribute to the knowledge base. • Script away repetitive validation steps wherever they appear. • Partner with your fellow R&D team members and the Service Delivery team on the automation feedback loop and client-experience improvements. • Seek to programmatically enhance automation pipeline with new or updated capabilities when triage is complete and capacity allows, pairing with an Adversarial Engineer as needed. • Attend daily standups, weekly 1:1s, monthly company calls, and all-hands.

🎯 Requirements

• Demonstrated experience triaging or reproducing vulnerabilities surfaced by a security tool (vulnerability scanner, SAST/DAST/SCA/IAST, or similar automation) in a professional setting. • Some software programming experience, Python preferred. • Some exposure to utilizing Generative AI tools for day-to-day tasks, Claude preferred. • A strong Development, IT, or Infosec foundation, paired with genuine, self-directed security study. • Enough security depth to validate common vulnerability classes hands-on, including OWASP Top 10, network, and auth issues, not just name them. • Clear, detail-oriented written communication that holds up under volume. • The self-direction to manage a high-volume queue independently, without hourly guidance. • Security+, eJPT, CPTS, PNPT, or a similar foundational credential (preferred). • CTF achievements (HackTheBox, TryHackMe, PortSwigger Academy) (preferred). • A degree in computer science, engineering, or IT (preferred). • Genuine interest in working toward OSCP or an equivalent hands-on certification over time (preferred).

🏖️ Benefits

• Unlimited and mandatory PTO for healthy work/life balance. • Company matched 401k (immediate eligibility, no one should have to wait to start saving). • 75% company contribution for health insurance for employees and 50% for dependents. • 100% company contribution for dental and vision. • Flexible working hours. • Hardware and tools of your choice • Support for your career development with paid training, conferences, certifications, etc.

Apply Now

Similar Jobs

🕒 2 days ago

UBC

1001 - 5000

🧬 Biotechnology

⚕️ Healthcare Insurance

💊 Pharmaceuticals

IT Security Analyst at UBC ensuring the security and compliance of information system assets. Leading vulnerability management and collaborating on incident response efforts.

🕒 2 days ago

UBC

1001 - 5000

🧬 Biotechnology

⚕️ Healthcare Insurance

💊 Pharmaceuticals

A hands-on Senior IT Security Analyst maintaining and improving UBC's Cybersecurity program. Involves threat analysis, incident response, and compliance with security standards.

🕒 2 days ago

SNHU Careers

10,000+ employees

📚 Education

🤝 Non-profit

🎯 Recruiter

Information Security Analyst I at SNHU responsible for threat detection and incident response in a remote environment from approved states. Join a team dedicated to transforming lives through technology and security.

🕒 2 days ago

Twilio

5001 - 10000

Security Compliance Analyst at Twilio managing regulatory strategy and cybersecurity compliance initiatives. Collaborating across departments while ensuring compliance and operational effectiveness.

🕒 2 days ago

Endpoint Security Analyst specializing in endpoint security, vulnerability management, and application security. Planning and implementing security measures for A.T. Still University as a fully remote role.