Senior Penetration Tester

BPM
Summary
Join BPM's team of technical security consultants and penetration testers in the Pacific Northwest as a Senior Security Consultant! This hybrid or remote position (Oregon, Washington, Nevada, Montana, or Idaho residents only) requires a solid understanding of manual penetration testing principles. Prior client-facing penetration testing experience is preferred but not required. You will conduct cybersecurity assessments, uncover vulnerabilities, advise clients on remediation, and perform penetration tests, social engineering, red team operations, application testing, and architecture reviews. BPM fosters a culture of growth and innovation, prioritizing quality over quantity and rewarding creative thinking. Enjoy a flexible work-life balance and make a positive difference for clients and colleagues.
Requirements
- A minimum of five years of hands-on experience with security
- A minimum of five years performing system administration, development, or a similar background in technology
- Documented oral and written communication skills including complex technical document preparation
- Strong understanding of network and application protocols (e.g., TCP, UDP, SMB, HTTP, FTP)
- Deep knowledge of how software works and interacts at various layers
- Demonstrates adaptive and critical thinking skills to solve unique and challenging problems
- Ability to use multiple operating systems with high proficiency (e.g., Windows, Linux, macOS)
- Understanding of enterprise technology and experience with Active Directory
- Strong comfort with languages such as Bash, Python, Go, and PowerShell
- Experience with web development technologies (e.g., React, HTML, JavaScript, etc.)
- Experience with tools commonly used to perform security testing (e.g., Nmap, Burp Suite, evilginx, hashcat, Metasploit, Nessus, impacket, C2 frameworks, nuclei, gophish, Dradis, Ghostwriter, etc.)
- Familiarity with industry security standards and frameworks (e.g., NIST SP 800-53, NIST CSF, MITRE)
- Must be able to pass criminal background checks
- Must be eligible to work in the United States without sponsorship
- Ability to thrive in a team environment that operates without ego
Responsibilities
- Perform detailed manual penetration tests of networks, applications, and systems
- Conduct reconnaissance through open source intelligence (OSINT) on target clients to locate exposed data
- Leverage collected data and provided client target details to successfully socially engineer client employees via emails and phone calls
- Perform red team engagements to gain access to client specified resources through covert tests that blend multiple attack vectors
- Document security vulnerabilities in-depth during client engagements
- Effectively communicate findings and provide remediation guidance to both technical and non-technical stakeholders
- Drive internal team innovation, collaboration, and advancement through professional development time
Preferred Qualifications
- Incident response or digital forensics (DFIR) experience
- Bachelor's degree in Computer Science or related technical field
- Security certifications such as OSCP, CISSP, Security+, or similar
- Experience with iOS or Android Mobile application development
- Highly proficient in at least one programming language such as C++, Java, .NET, Rust, Python, Go
- Experience managing and deploying red team infrastructure
- Have developed tooling or published security research for the greater security community
- Experience with CIS Benchmarks and how to audit against them
- Physical security experience & a desire to travel to client locations
Benefits
- Total rewards package: from flexible work arrangements to personalized benefit structures, 401k match, multiple bonus opportunities, and financial compensation options that give you choice and flexibility
- Well-being resources: interactive wellness platform and incentives, an employee assistance program and mental health resources
- Balance & flexibility: Firm Holidays, Flex PTO, paid family leave, winter break, and remote work options, so you can balance challenging yourself with taking care of yourself
- Professional development opportunities: our cyber security team is led by technical subject matter experts that understand the rapid pace of the industry. Every member of the team is provided with multiple avenues for staff development such as formal certification, cutting-edge security research courses, and security conference attendance



