Penetration Testing Consultant

Summary

Join Crosslake, a firm supporting changemakers in buying, building, and running better technology, as a penetration tester. You will perform network-based penetration testing, web application and API penetration testing, and red team exercises to identify and assess vulnerabilities. Responsibilities include writing clear reports for clients, advising on security best practices, and collaborating with other practitioners. The role requires experience as an apprentice tester, the ability to independently drive projects to completion, and delivering at least one penetration test per week. You will work with private equity companies and investment firms, collaborating with internal and client technical leads to ensure timely execution and high-quality reports. This is a US-based remote position.

Requirements

• Be an apprentice tester for your first 2 projects and then be willing and able to drive a project on your own to successful completion
• Participate in and drive penetration efforts on behalf of clients, collaborating, digging deep, and creating a report for the investors to outline technical vulnerability and risk
• Deliver at least one network, API, or web application penetration test every week
• Work with private equity companies and other investment firms to help them understand the existing technology risks and vulnerabilities that exist in their environment or portfolio
• Collaboratively work in partnership with internal and client technical leads and team members to ensure that planning and execution of penetration testing efforts occur in a timely fashion and reports are of high quality

Responsibilities

• Perform network-based penetration testing for our clients to identify, assess, and report on vulnerabilities in their public facing infrastructure
• Perform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications
• Perform red team exercises to determine where weaknesses in the client’s infrastructure and how it should be remediated
• Write clear, concise, effective deliverable reports for clients to help them understand their risk posture and how they can reduce it
• Advise clients on security best practices including application design, infrastructure architecture design, and other considerations
• Collaborate with other Crosslake practitioners to socialize penetration testing best practices