Summary of Position
Our team is seeking an individual to join our penetration testing team who wants to spend more time hacking, and less time writing reports, managing customers, and traveling.
What Sets Us Apart
We strive to develop a Work-to-Live rather than a Live-to-Work culture. Don't get us wrong, we *love* what we do, but we enjoy having personal lives too. That said, members of our team have been known to burn the midnight oil competing in Capture-the-Flag competitions or working on personal projects.
Security is a constantly evolving and fascinating field. Because our team wants to keep up with, and pioneer, our industry, SecurityMetrics provides us with training resources, practice environments, and one-on-one coaching. Our team uses these resources to improve our methodologies and brush up on our skills.
Remember how we like having personal lives? We try our best to minimize unnecessary travel. In 2022, we only had 5 days of travel across our whole team. Not only does this provide us with more time for our private lives, but it also allows us to learn, collaborate, and work together as a team.
Speaking of our team, we have been performing penetration tests for over a decade, and we have been attending DEF CON as a team for just as long. Additionally, members of our team have previously worked as Developers, System Administrators, Network Administrators, Security Auditors, and more. We have a wealth of information in our group that we are looking to share, and we hope that you will add to it.
Job Responsibilities
- Perform application penetration tests
- Perform internal and external network penetration tests
- Identify and exploit vulnerabilities
- Pivot internally without negatively impacting the environment
- Document vulnerability impact on the customer's environment
- Consult with customers on how to improve their security posture
- Contribute personal knowledge to the team
Compensation
- Salaried full-time position
- Quality-based incentives
- Competitive benefit package
- Professional penetration testing training
Job Requirements
- 2+ years of penetration testing or bug bounty experience (optional, but preferred)
- Willing to relocate to Utah, Colorado, or Oregon (as needed)
- Fluent in English
- Access to a reliable, high-speed internet connection
Attributes We Are Interested In
The ideal candidate would possess the following attributes:
- Passion for security
- Disciplined
- Self-starter
- Experience with training platforms (e.g., HackTheBox, PentesterLab, TryHackMe)
Skills We Are Interested In
The ideal candidate would possess the following skills:
- Familiar with web application proxies (mitmproxy, ZAP, Burp)
- Comfortable manipulating and crafting HTTP requests
- Competent at identifying and exploiting web application vulnerabilities (SQL Injection, XXE, Command Execution, Cross-Site Scripting, Cross-Site Request Forgery, Privilege Escalation, etc.)
- Familiar with various APIs (REST, SOAP, JSON, etc.)
- Familiar with exploiting and chaining vulnerabilities to maximize their impact
- Familiarity with the OWASP Testing Guide
- Competent at identifying and exploiting network vulnerabilities (Active Directory misconfigurations, known vulnerabilities, etc.)
- Competent at enumerating and mapping an internal network
- Comfortable documenting vulnerabilities, as well as the steps necessary to reproduce and remediate documented vulnerabilities
- Industry certifications (OSCP, PNPT, BSCP, eJPT)
Salary Range: $65K - $85K+, depending on experience