Senior Penetration Tester

What You’ll Do:

• Perform and oversee application penetration testing, security vulnerability scanning, and provide remediation guidance to audiences across the organization.
• Collaborate cross functionally between the security, engineering, and cloud operations teams to develop and implement a program of continuous penetration testing across the application portfolio.
• Act as a subject matter expert on penetration testing methodologies, techniques, and procedures.
• Communicate effectively with stakeholders at all levels, translating technical findings into actionable insights and recommendations for both technical and non-technical audiences.

What You’ll Need:

• Minimum 5+ years of, demonstrated, hands-on, experience with internal and external web application, mobile, API, and network penetration testing to include writing and reviewing formal penetration test reports, documenting the details of a penetration test and all vulnerabilities, identifying risks, and noting strengths discovered during the test.
• Understanding of the business's use cases, potential for abuse cases, and the resulting risk and security impact.
• Understanding of penetration testing methodology and frameworks (ATT&CK, OWASP, PTES, MITRE).
• Understanding of the (S)SDLC (Secure) Software Development Lifecycle
• Skilled in illustrating and explaining security vulnerabilities, including proof of concept demonstrations, to audiences with minimal expertise in security.
• Security research experience in the areas of vulnerability identification, malware analysis, and current & emerging exploitation techniques.
• Proficiency in source code review, leveraging findings to execute targeted attacks.
• Experience with the top Cloud Service Providers (CSP) such as Azure and AWS.
• An understanding that every tool has its place and the ability to pivot and identify when it is necessary to move from tooling to more manual operations.

We’d Love to See:

• At least one of the following certifications (or equivalent) or higher: eCPPT, eJPT, CRTP, CRTO, eWPT, GWAPT, GWEN, OSCP, OSWE, Pentest+, PNPT, SEC560
• At least one cloud cert such as: AWS Cloud Certified Practitioner (CCP), Security Specialty, Azure AZ-500, AZ-900.
• Experience assisting in CAPEC markups for threat models.
• Experience testing Kubernetes is a differentiator.

Delinea Culture & Benefits:
 

Why work at Delinea? 
 

· We’re passionate problem-solvers doing our part to make the world a safer place. 

· We invest in people who are smart, self-motivated, and collaborative. 

· What we offer in return is meaningful work, a culture of innovation and great career progression! 

At Delinea, our core values are STRONG—Spirited – Trust – Respect – Ownership – Nimble – Global – and guide our behaviors and success. We believe weaving these core values into our day-to-day actions, and our process for hiring, evaluating, and promoting employees, helps us cultivate a work environment that embraces collaboration and camaraderie. 

We take care of our employees. We offer competitive salaries, a meaningful equity and bonus program, and excellent benefits, including a full suite of medical, dental, and vision insurance, as well as 401(k) matching, ROTH, comprehensive life insurance, short-term and long-term disability insurance, an employee assistance program, generous discretionary time off (DTO), and 12 paid holidays. We support all families with 12 weeks of paid leave for new birth, adoption, surrogacy, or foster-to-adopt primary caregivers. Secondary caregivers are offered 6 weeks of paid leave. 

Delinea is an Equal Opportunity and Affirmative Action employer and prohibits discrimination and harassment of any type with regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Upon conditional offer of employment, candidates are required to complete comprehensive 7-year criminal background check, verification of education, and verification of employment, per employment policy. In addition, all publicly posted social media sites may be reviewed.