We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures, Costanoa Ventures, and others.
As an Associate Penetration Tester, you will be responsible for working through existing methodologies and applying them against assigned targets to identify security vulnerabilities. This will support the team's overall mission of helping improve our client’s infrastructure and codebase by raising high quality (and often high impact) security concerns as evidenced by your capability to exploit.
This is an excellent opportunity for an individual with a strong passion for cybersecurity to learn and grow within an elite offensive security team.
Primary Role Responsibilities:
- Conduct Structured Testing to Identify Security Vulnerabilities:
- Demonstrating a functional understanding of modern attack vectors and penetration testing software as well as being technically capable of using them in the identification of security vulnerabilities in Web applications, APIs and network infrastructure.
- Consistently complete assigned penetration tests within allocated timeframes, and in accordance with our methodologies.
- Continuous Learning:
- Actively engage in keeping up-to-date with fundamental security concepts and core testing tools, applying newly acquired knowledge under instruction and supervision.
- Problem Identification & Escalation:
- Promptly identify and effectively communicate technical blockers or concerns to mentors or Technical Pentest Managers (TPMs) as needed, actively seeking clarification and guidance to avoid missteps.
- Team Support & Documentation:
- Assist in test retrospectives, documentation of processes, and provide support to more senior team members as directed by the team lead or manager.
- Working Hours:
- Be able to execute testing within UK core business hours (09:00 - 17:30 GMT). Some tests may fall outside of these hours, but the majority of tests will need to be completed within this timeframe.
- Experience: 6+ months as a penetration tester (or equivalent demonstrable experience) with a foundational understanding of wider cybersecurity concepts and best practices.
- Technical Skills:Familiarity with commonly used security testing tools (e.g. BurpSuite, Nmap) and approach to penetration testing activities.
- Soft Skills:
- Strong desire to learn, good communication skills for peer and mentor interactions, and the ability to follow instructions.
- Strong written and spoken business English (C1+ or native fluency).
- Certifications:Certifications such as CEH (Certified Ethical Hacker), OSCP(+) (Offensive Security Certified Professional), CPSA (CREST Practitioner Security Analyst), etc. are considered a plus.
- The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.
- Sitting and / or standing - Must be able to remain in a stationary position 50% of the time
- Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the work day.
- Environment - remote, work-from-home 100% of the time.
Culture
- At Bugcrowd, we understand that diversity in the workplace is vital to a company’s success and growth. We strive to make sure that people are included and have a sense of being part of making Bugcrowd not only a great product but a great place to work.
- We regularly hear from both customers and researchers that Bugcrowd feels like a family, and we strive to maintain that internally as well.
- Our team consists of a broad range of people: musicians, adventure sports junkies, nature lovers, parents, cereal enthusiasts, night owls, cyclists, artists—you get the point.
At Bugcrowd, we are solving security threats and vulnerabilities that are relevant to everyone, therefore we believe solving these problems takes all kinds of backgrounds. We value the perspectives and experiences people from underrepresented backgrounds bring.
Disclaimer
This position has access to highly confidential, sensitive information relating to the technologies of Bugcrowd. It is essential that the applicant possess the requisite integrity to maintain the information in the strictest confidence.
The company is authorized to obtain background checks for employment purposes under state and federal law. Background checks will be conducted for positions that involve access to confidential or proprietary information (including trade secrets).
Background checks may include Social Security verification, prior employment verification, personal and professional references, educational verification, and criminal history. Applicants with conviction histories will not be excluded from consideration to the extent required by law.
Any personal data you submit in connection with your application will be processed in compliance with Bugcrowd's Privacy Policy, which you may review here: https://www.bugcrowd.com/privacy.
Equal Employment Opportunity:
Bugcrowd is EOE, Disability/Age Employer.
Individuals seeking employment at Bugcrowd are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.
Bugcrowd is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Bugcrowd will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please contact HR at ADA at bugcrowd.com.
Apply at: https://www.bugcrowd.com/about/careers/
Skills Required
- 6+ months as a penetration tester or equivalent demonstrable experience
- Familiarity with penetration testing tools (e.g., BurpSuite, Nmap)
- Functional understanding of web application, API, and network infrastructure security
- Ability to execute testing within UK core business hours (09:00 - 17:30 GMT)
- Strong written and spoken business English (C1+ or native fluency)
- Willingness to learn and apply security concepts under mentorship
- Ability to pass background checks and maintain strict confidentiality
- Ability to work remotely (100% work-from-home)
- Ability to remain stationary (sit/stand) 50% of the time and carry/move a laptop as needed
- Certifications such as CEH, OSCP, CPSA
What We Do
Bugcrowd is the #1 crowdsourced security platform. More enterprise organizations trust Bugcrowd to manage their bug bounty, vulnerability disclosure, attack surface management and next-gen pen test programs. By combining the largest, most experienced triage team with the most trusted hackers around the world, Bugcrowd generates better results, reduces risk through remediation advice, and empowers organisations to release secure products to market faster — with no hidden fees.
