Penetration Tester

Posted 13 Days Ago
Be an Early Applicant
Eugene, OR
Hybrid
80K-120K Annually
Senior level
Professional Services • Business Intelligence
The Role
As a Senior Security Consultant, you will conduct penetration tests, social engineering, and red team operations to identify vulnerabilities in clients' networks and systems. You'll leverage your expertise in manual testing and OSINT to advise clients on remediation strategies, aiming to enhance their security posture.
Summary Generated by Built In
This position offers hybrid or remote work options; however, candidates must reside in Oregon, Washington, Nevada, Montana, or Idaho.*


BPM is looking for talented individuals who have a passion for security to join our team of technical security consultants and penetration testers in the Pacific Northwest. A solid understanding of manual penetration testing principals and their execution is essential. You understand that penetration testing is not just running common tools to poison mDNS requests, getting an SMB relay, pulling SPNs to find a crackable hash, or getting Domain Admin.

 

Prior client-facing penetration testing experience is preferred but is not required; common backgrounds on our team include: system administration, application development, computer science, malware research, military service, engineering, micro-electronics, or simply having a clear passion for technical systems.

 

At BPM, we believe in fostering a culture of growth and innovation. Employees in this role enjoy the personal and professional flexibility to strike their best work-life balance. Our business model prioritizes quality work over volume of work and rewards creative thinking. As a Senior Security Consultant, you will be responsible for conducting cyber security assessments to uncover vulnerabilities and advise clients on remediation strategies. Standard projects include penetration tests, social engineering, red team operations, application testing, and architecture review.

 

Working with BPM means using your experiences, broadening your skills, and growing in work and life—while also making a positive difference for your clients, colleagues, and communities. Our shared entrepreneurial spirit drives us to see and do things differently. Our passion for people makes BPM a place where everyone feels welcome, valued, and part of something bigger as we help clients understand their threat exposure and how to harden their defenses. Because People Matter.

 

What you get:

Total rewards package: from flexible work arrangements to personalized benefit structures, 401k match, multiple bonus opportunities, and financial compensation options that give you choice and flexibility.

Well-being resources: interactive wellness platform and incentives, an employee assistance program and mental health resources.

Balance & flexibility: Firm Holidays, Flex PTO, paid family leave, winter break, and remote work options, so you can balance challenging yourself with taking care of yourself.

Professional development opportunities: our cyber security team is led by technical subject matter experts that understand the rapid pace of the industry. Every member of the team is provided with multiple avenues for staff development such as formal certification, cutting-edge security research courses, and security conference attendance.

 

Who is successful at BPM:

Caring people who put others first 

Critical problem solvers who bring inherent curiosity

Self-starters who embody the BPM entrepreneurial spirit 

Authentic individuals with a diverse point of view 

Lifelong learners with a drive to excel 

Resilient people who rise to the occasion

 


 


Responsibilities

  • Perform detailed manual penetration tests of networks, applications, and systems
  • Conduct reconnaissance through open source intelligence (OSINT) on target clients to locate exposed data
  • Leverage collected data and provided client target details to successfully socially engineer client employees via emails and phone calls
  • Perform red team engagements to gain access to client specified resources through covert tests that blend multiple attack vectors
  • Document security vulnerabilities in-depth during client engagements
  • Effectively communicate findings and provide remediation guidance to both technical and non-technical stakeholders
  • Drive internal team innovation, collaboration, and advancement through professional development time

Requirements

  • A minimum of five years hands-on experience with security
  • A minimum of five years performing system administration, development, or a similar background in technology
  • Documented oral and written communication skills including complex technical document preparation
  • Strong understanding of network and application protocols (e.g., TCP, UDP, SMB, HTTP, FTP)
  • Deep knowledge of how software works and interacts at various layers
  • Demonstrates adaptive and critical thinking skills to solve unique and challenging problems
  • Ability to use multiple operating systems with high proficiency (e.g., Windows, Linux, macOS)
  • Understanding of enterprise technology and experience with Active Directory
  • Strong comfort with languages such as Bash, Python, Go, and PowerShell
  • Experience with web development technologies (e.g., React, HTML, JavaScript, etc.)
  • Experience with tools commonly used to perform security testing (e.g., Nmap, Burp Suite, evilginx, hashcat, Metasploit, Nessus, impacket, C2 frameworks, nuclei, gophish, Dradis, Ghostwriter, etc.)
  • Familiarity with industry security standards and frameworks (e.g., NIST SP 800-53, NIST CSF, MITRE)
  • Must be able to pass criminal background checks
  • Must be eligible to work in the United States without sponsorship
  • Ability to thrive in a team environment that operates without ego

Bonus Qualifications

  • Incident response or digital forensics (DFIR) experience
  • Bachelor's degree in Computer Science or related technical field
  • Security certifications such as OSCP, CISSP, Security+, or similar
  • Experience with iOS or Android Mobile application development
  • Highly Proficient in at least one programming language such as C++, Java, .NET, Rust, Python, Go
  • Experience managing and deploying red team infrastructure
  • Have developed tooling or published security research for the greater security community
  • Experience with CIS Benchmarks and how to audit against them
  • Physical security experience & a desire to travel to client locations

Wondering if you should apply?


At BPM we are people who value people. We are progressive and purposeful. We are a firm with flexibility. Our shared entrepreneurial spirit drives us to see and do things differently. And our passion for people makes BPM a place where everyone feels welcome, valued, and part of something bigger.


***************


BPM provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.


For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance.


Please note - this posting is for prospective candidates only. Unsolicited third-party resume submissions will be considered property of BPM and will not be acknowledged or returned.

The Company
HQ: San Francisco, CA
1,033 Employees
On-site Workplace
Year Founded: 1986

What We Do

BPM LLP is one of the 50 largest public accounting and advisory firms in the country. With more than 800 professionals along the West Coast – as well as offices abroad – we help clients succeed around the world. We offer a cross-functional team approach that gives clients direct access to the best and most qualified resources.

With full-service capabilities in audit, tax and advisory services, we possess in-depth knowledge of the transactional industry—its key processes, challenges surrounding growth and performance, regulatory compliance and governance—and the many other complex accounting and reporting issues you face. Our collective knowledge representing a diverse client base allows us to serve as experts in over a dozen industries.

In 2021, we are proud to be named by Forbes “Best Tax and Accounting Firms” and #22 on Vault’s “Accounting 50” ranking! We invite you to learn more about us, visit bpmcpa.com

Similar Jobs

Arrow Electronics, Inc. Logo Arrow Electronics, Inc.

Channel Manager- Network & Security

Cloud • Enterprise Web • Hardware • Information Technology • Internet of Things • Robotics • Semiconductor
Remote
OR, USA
22000 Employees
102K-140K Annually

Arrow Electronics, Inc. Logo Arrow Electronics, Inc.

Palo Alto Technical Support Engineer

Cloud • Enterprise Web • Hardware • Information Technology • Internet of Things • Robotics • Semiconductor
Remote
OR, USA
22000 Employees
98K-165K Annually

PwC Logo PwC

SAP Order to Cash (SD) Consultant, Manager

Artificial Intelligence • Professional Services • Business Intelligence • Consulting • Cybersecurity • Generative AI
Hybrid
Portland, OR, USA
364000 Employees
100K-232K Annually

PwC Logo PwC

SAP BRIM Consultant, Manager

Artificial Intelligence • Professional Services • Business Intelligence • Consulting • Cybersecurity • Generative AI
Hybrid
Portland, OR, USA
364000 Employees

Similar Companies Hiring

Halter Thumbnail
Software • Machine Learning • Internet of Things • Hardware • Greentech • Business Intelligence • Agriculture
Auckland City, NZ
150 Employees
Energy CX Thumbnail
Utilities • Professional Services • Greentech • Financial Services • Energy • Consulting • Business Intelligence
Chicago, IL
55 Employees
Jobba Trade Technologies, Inc. Thumbnail
Software • Professional Services • Productivity • Information Technology • Cloud
Chicago, IL
45 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account