Associate Penetration Tester

About SecurityScorecard:

Funded by world-class investors including Silver Lake Waterman, Moody's, Sequoia Capital, GV, Riverwood Capital, and others with over $290 million in funding, SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 2M+ companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 16,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. This is done by measuring your and your vendors' cyber-health by assigning a security rating of "A" through "F" based on outside-in, non-intrusive data. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors.

SecurityScorecard is headquartered in NYC with over 450+ employees globally. Our culture has helped us be recognized by Inc Magazine as a "Best Workplace," "Best Places to Work in NYC" by Crain's NY, and one of the 10 hottest SaaS startups in NY for two years in a row. $

Why join SecurityScorecard's Professional Services Team?

Our teams are composed and led by former intelligence community, law enforcement, military cyber operators and practitioners. For each engagement we leverage our STRIKE research and intel team, SecurityScorecard Platform, Attack Surface Intelligence (ASI) to inform how we conduct our penetration testing, red teaming, threat emulation, incident response or other customer requested security assessments, advisory or consulting.

Advantages of working with SecurityScorecard:

We understand threats, risks, and how threat actors operate. We offer end to end solutions to support customers for the purposes of compliance, raising the cost to adversaries or other business outcomes. We provide specific direction with our cybersecurity and resiliency services, driven by our superior cybersecurity data, best practices and front-line lessons learned. We provide value by showing customers where they are vulnerable, and prioritized mitigation. The team recently expanded with the acquisition of LIFARS, a global leader in Incident Response, Digital Forensics, Penetration Testing and Ransomware Mitigation.

Whom are we looking for?

SecurityScorecard is looking for a self-motivated, creative, reliable, diligent, detail-oriented, and clever individual Penetration Tester to join our Active Security Team to conduct penetration testing and threat emulation. This is an exciting opportunity to support and enable organizations worldwide to prepare for and combat cyber-attacks.

Responsibilities:

• Perform vulnerability assessments, penetration testing on a variety of web and mobile applications to include Active Directory and cloud environments.
• Serve as a team lead on customer engagements
• Conduct phishing campaigns and red teaming engagements.
• Collaborate with other penetration testers and offensive security team members.
• Assist in educating clients on exploited vulnerabilities and remediation strategies to protect against future exploits or attacks.

Requirements:

• At least 3 years of related work experience in the fields of computer science, information systems, engineering, or a related degree preferred.
• At least 2 years of experience in one or more of the following areas: penetration testing and red teaming; security testing of web and mobile-based applications; application security source code assessments.
• Strong Unix, Windows, networking, wireless security skills and a deep understanding of networking.
• Strong technical skills related to a broad range of operating systems and databases; experience with programming in a mainstream language such as: Java, C, C++, C#, ASP, and .NET., Python, PowerShell, Bash or similar languages.
• Manual penetration testing experience above and beyond running automated tools is required, understanding of OWASP testing guides and MITRE ATT&CK.
• Experience developing custom scripts or programs (e.g. vulnerability identification) as well as application development is a plus.
• Excellent presentation and verbal skills
• Able to work collaboratively with a remote team
• At least one of the networking, OS and general security certifications - CCNA / Comptia Network +, Comptia Security +, LPIC / Comptia Linux +, Cloud related certifications from AWS or Azure
• At least one of the security- related certification such as the OSCP, GXPN, GPEN, OSWP, PNPT, CEH, CRTP, OSCE, CRTE or other relevant certification desired; non- certified hires are required to become certified within 1 year from the date of hire.
• History of published security research assigned CVE vulnerabilities, history of successful bug bounty and CTFs are a plus.

Benefits

We offer a competitive salary, stock options, a comprehensive benefits package, including health and dental insurance, unlimited PTO, parental leave, tuition reimbursements, and much more!

If you are a resident of Colorado, New York City, California, or Washington State, please email us at talentacquisitionoperations@securityscorecard.io to receive compensation information for this role.

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based upon merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law.

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or an accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company's privacy policy and applicable law.

SecurityScorecard does not accept unsolicited resumes from employment agencies.