Company Description
BreachLock is a global leader in Offensive Security including Red Teaming, Continuous Attack Surface Discovery and Penetration Testing services. We help organizations discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing, and Red Teaming. BreachLock provides an attacker's perspective that goes beyond standard vulnerabilities, enabling organizations to build a comprehensive, proactive defense strategy.
Role Description
Penetration Tester (Mid-Senior) | Full-Time | Remote (US)
As a penetration tester on BreachLock's US Strategic delivery team, you'll execute manual, methodology-driven engagements across web applications, APIs, and internal networks — including assumed breach simulations — for enterprise clients. You'll work directly with delivery leadership, contribute to internal tooling and quality systems, and help raise the bar for the team around you.
Key Responsibilities
- Execute web application, API and mobile penetration tests with a focus on manual testing beyond automated scanning — business logic, authentication abuse, authorization flaws, and injection chains
- Conduct internal network assessments, external network assessments and assumed breach engagements, including Active Directory enumeration, lateral movement, privilege escalation, and post-exploitation
- Leverage frameworks including MITRE ATT&CK, PTES, and OWASP to structure assessments and findings
- Develop and contribute to internal tooling — automation scripts, reporting utilities, and workflow improvements using Python, Bash, or similar
- Participate in QA review cycles, providing structured feedback on findings, CVSS scoring accuracy, and report quality
- Mentor junior testers through technical guidance and finding review
- Collaborate with delivery leadership on scoping, client kickoff calls, and remediation guidance
Requirements
- 3–5 years of professional penetration testing experience in a delivery or consulting context
- Strong web application and API testing fundamentals — Burp Suite proficiency, OWASP Top 10 and beyond, authentication and session management testing
- Solid internal network assessment skills — AD enumeration, Kerberoasting, NTLM relay, ADCS misconfigurations, assumed breach methodology
- Proficiency in scripting and automation (Python, PowerShell, Bash)
- Strong written communication — capable of writing clear, accurate, well-scoped findings independently
- Familiarity with PTaaS delivery models or platform-based reporting workflows is a plus
- US-based and eligible to work without sponsorship
Preferred
- Experience with C2 frameworks (Cobalt Strike, Havoc, Sliver, or similar)
- Active involvement in cybersecurity communities, research, or bug bounty programs
- Certifications such as OSCP, BSCP, CRTO, GWAPT, GPEN, or equivalent practical credentials
- Experience with SIEM platforms or EDR tools from an adversarial perspective
Benefits
- Competitive compensation and performance-based equity opportunities
- Flexible work hours with hybrid remote options
- Opportunity to work with international cybersecurity experts
- Strong career progression in a rapidly expanding early-stage company
- Exposure to cutting-edge research, tools, and techniques in offensive security
Additional Organization Details
Explore uninterrupted Attack Surface Discovery and Penetration Testing services for robust security measures. Identify vulnerabilities and fortify your defenses with our comprehensive solutions.
Key team members
Shyam Jha
Tim Ager
Steve Antone
Himanshu Nautiyal
Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.