Penetration Tester

Summary

Join Bishop Fox, a leader in continuous offensive security and penetration testing, and collaborate with a dedicated team to tackle complex challenges for globally recognized organizations. As a penetration tester, you will test web applications, hack networks, reverse software, and provide expert opinions to clients. This role requires 4+ years of experience in web application penetration testing and 5+ years in application security. You will work on diverse projects, from short-term engagements to extended programs. Bishop Fox offers a supportive environment with benefits such as generous time off, team events, work-from-home support, food coupons, a training budget, a saving fund, and health insurance options.

Requirements

• 4+ years of experience in planning, conducting, and managing web application penetration tests
• 5+ years of application security experience
• Deep understanding of security fundamentals (OWASP), common vulnerabilities, and application security best practices
• Skilled in vulnerability assessment and the development of exploits for diverse targets
• Strong technical reporting and documentation skills

Responsibilities

• Test web applications, hack networks, and reverse software
• Work on a variety of projects which include short-term engagements and extended program work with well-established clients
• Solve challenging technical problems and build creative solutions
• Provide your expert opinion to help our clients navigate difficult business decisions

Preferred Qualifications

• Experience with AWS cloud environments preferred, with an understanding of its major technologies, such as IAM, EC2, VPC, EBS, S3, CloudWatch, and Lambdas, and how to keep them secure
• Experience with cloud platforms and technologies, including Azure, GCP, Docker, and Kubernetes
• A background in system and network security, authentication and security protocols, and applied cryptography is helpful
• Experience with programming and scripting languages such as Python, Ruby, PowerShell, Java, JavaScript, etc
• Proficiency with operating systems- Linux, Windows, MacOS
• Experience with network and system exploitation, including modern tactics, techniques, and procedures (e.g. c2 frameworks, EDR bypass, privilege escalation, password cracking, lateral movement, etc.)
• Advanced relevant academic training, such as a degree in Computer Science or an OSCP, is a definite bonus

Benefits

• Generous Time Off and Company-Wide Holidays
• Team Events and International Travel Opportunities
• Work From Home Support
• Food Coupons
• Training Budget
• Saving Fund
• Health Insurance Options Including Medical, Dental, Vision