Pentester

Synack’s Penetration Testing as a Service platform manages customers’ attack surfaces by discovering new assets, pentesting for critical vulnerabilities and gaining visibility into the root causes of security risks. We are committed to making the world more secure by harnessing a talented, vetted community of security researchers to deliver continuous penetration testing and vulnerability management, with actionable results. Synack's PTaaS platform has uncovered more than 71,000 exploitable vulnerabilities to date, protecting a growing list of Global 2000 customers and U.S. agencies in a FedRAMP Moderate Authorized environment. For more information, please visit www.synack.com.

We are looking for a talented penetration tester with experience in various types of offensive security engagements to help us establish and build a new team within Synack. Since the team is new and will start small, we are seeking candidates with a variety of skills who are looking to collaborate with one another and pick up things that they haven’t already mastered on the fly.

Please note: This is a remote position performing work for customers in the New York City area which requires occasional onsite work up to one week per month. For that reason, we are only considering candidates that are within commuting distance to New York City.

Sounds interesting? Keep reading...

Here’s what you'll do

• Pentesting:
  • Conduct independent and collaborative penetration tests across infrastructure, web applications, mobile platforms, APIs, and cloud environments
  • Conduct independent and collaborative policy-driven evaluations to assess organizational security controls
  • Develop and maintain threat models using PASTA, TRIKE, and STRIDE to guide test design and prioritization
  • Design and execute test plans simulating real-world adversarial behavior
  • Identify, exploit, and document vulnerabilities with technical detail, reproducible steps, and business impact analysis
  • Write professional reports including technical results, risk ratings, and mitigation recommendations
  • Track evolving TTPs, zero-day research, and attack surface changes relevant to client environments
• Security Evaluation
  • Conduct structured security evaluations using checklists and standards-based frameworks (e.g., CIS Benchmarks, NIST 800-53, ISO 27001)
  • Perform configuration and control reviews of hosts, containers, cloud resources, network segments, and identity platforms
  • Document findings, assign severity based on likelihood/impact, and provide remediation guidance
  • Collaborate with audit, compliance, or assurance teams to support risk and regulatory reporting needs
  • Ensure evaluation output is aligned with internal policies and external compliance requirements

Here’s what you’ll need

• 3+ years of experience in offensive security
  • Willing to consider less experienced candidates with high technical aptitude
• 1+ years of experience conducting security evaluations or standards-based assessments
• Strong understanding of vulnerability classes (e.g., OWASP Top 10, CWE Top 25) and exploitation techniques
• Experience with threat modeling methodologies: PASTA, TRIKE, STRIDE
• Scripting or automation in Python, Bash, or PowerShell
• Strong communication and technical documentation skills
• Experience scoping penetration testing engagements
• Experience briefing engagement results to different customer levels
• Experience classifying vulnerabilities using CVSS
• At least one advanced industry certification, i.e. OSCP, OSWE, OSEP

Here's what will make you stand out

• Multiple advanced industry certifications (OSCP, GPEN, GWAPT, or CISSP, CISA, CRISC)
• Experience performing Red Team and Purple Team exercises
• Project Management experience
• Experience coding in programming languages like C++, C, C#
• Familiarity with security standards and benchmarks (e.g., CIS, NIST, ISO, PCI-DSS)

Ready to join us?

Synack is committed to embracing diversity. Our people are our strength.  Each addition to our team is an opportunity to grow and diversify our ideas, experiences, and viewpoints. Synack strives to be inclusive of all people. 

As a candidate, Synack cares about your privacy. Please view our candidate privacy policy here.

This position has responsibility to ensure Synack’s security and privacy posture is maintained.

$110,000 - $140,000 Salary is determined by a combination of factors including location, level, relevant experience, and skills. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. The compensation package for this position may also include equity, and benefits.
For more details about our benefits, please see here. Then for the Employer code, enter: synack