
About this role
Company Summary
Somos is an innovative technology company that ensures that phone calls and text messages can be trusted. Consumers don’t want spammers and fraudsters to reach them through their devices, and businesses don’t want their legitimate phone calls ignored. The solution? Developing stronger trusted digital identities. And that’s where you come in!
We are seeking a highly skilled Senior Penetration Tester to lead offensive security operations and strengthen our overall security posture. This role will drive red team exercises, manage vulnerabilities across the enterprise, oversee patch management initiatives, and own all aspects of application security testing, including SAST, DAST, and SCA. The ideal candidate will have a strong blend of technical expertise and communication skills, and the ability to collaborate across teams while providing clear guidance to both technical and non-technical stakeholders.
Core Job Responsibilities & Accountabilities:
Offensive Security & Penetration Testing
- Lead and execute red team engagements, emulating advanced threat actors to assess detection and response capabilities.
- Perform internal and external penetration testing across networks, applications, APIs, cloud environments, and physical security (as required).
- Develop and manage penetration testing methodologies, tooling, and reporting standards.
- Provide actionable remediation recommendations to engineering, DevOps, and IT teams.
Vulnerability Management & Patch Governance
- Oversee the end-to-end vulnerability management program, including identification, prioritization, tracking, and remediation validation.
- Partner with IT and application owners to drive timely patch management, ensuring critical vulnerabilities are addressed within SLA.
- Continuously refine vulnerability scoring and risk-based prioritization models.
Application Security (AppSec)
- Own and maintain the organization’s SAST, DAST, and SCA tooling and processes.
- Collaborate with development teams to integrate security testing into CI/CD pipelines.
- Review application architecture, code, and configurations to identify security gaps.
- Provide secure coding guidance and lead developer training sessions.
Audit & Compliance Support
- Assist in internal and external audits, including SOC 2, ISO 27001, PCI, FISMA or other relevant frameworks.
- Provide evidence, documentation, and subject-matter expertise during audit activities.
- Support remediation of audit findings and control improvements.
Essential Qualifications & Skills (Required):
- 8 years of related experience, including 5+ years of experience in penetration testing, red teaming, or offensive security roles, or an equivalent combination of education and experience.
- Strong knowledge of network, web application, and cloud security concepts.
- Security certifications such as CISSP, CISA, OSCP, or CEH.
- Hands-on experience with penetration testing and red team toolsets (e.g., Burp Suite, Cobalt Strike, Metasploit, Nessus, Kali Linux, BloodHound, etc.).
- Experience running and managing SAST, DAST, and SCA tooling (e.g., Veracode, Qualys, GitHub Advanced Security, WIZ, SonarQube).
- Strong understanding of vulnerability scoring systems (CVSS), exploitability, and risk management.
- Familiarity with common security standards (OWASP Top 10, NIST CSF, MITRE ATT&CK).
- Ability to clearly communicate technical issues and risk to executives and technical teams.
Preferred Skills:
- Experience with cloud platforms (AWS, Azure, GCP).
- Background supporting compliance frameworks (SOC 2, ISO 27001, PCI, etc.).
- Hands-on experience in secure SDLC and CI/CD toolchains.
- Proactive, detail-oriented, and self-driven.
- Strong analytical and problem-solving skills.
- Ability to work cross-functionally with Engineering, IT, Compliance, and Leadership.
- Passionate about offensive security, emerging threats, and continuous improvement.
Salary and Benefits:
- Salary Range: $131,000 - $145,000
- 100% Company Paid Medical, Dental and Vision insurance for you and your family!
- 401(k) Savings Plan with Employer Contribution
- 100% Company Paid Short- and Long-Term Disability
- 100% Company Paid Life Insurance
- Flexible Time Off program
- A Variety of Voluntary Benefits
This job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of this position. Aspects of this job description may change at any time, with or without notice.
This job description is not intended as and does not create an employment contract. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.
Job details
Workplace: Office
Location: Littleton, Colorado, United States; East Brunswick, New Jersey, United States; McNair, Virginia, United States; Westford, Massachusetts, United States
Job type: Full Time
Salary: 131k - 145k USD per year