BreachLock

BreachLock provides a proactive cybersecurity solution that helps organizations identify and remediate potential vulnerabilities to prevent future cyber breaches.

Professional Services
51-250
Founded 2019

Description

  • Execute manual penetration tests for web applications, APIs, and mobile applications, focusing on business logic flaws, authentication abuse, authorization issues, and injection chains.
  • Conduct internal and external network assessments, including assumed breach simulations.
  • Perform Active Directory enumeration, lateral movement, privilege escalation, and post-exploitation activities during internal testing.
  • Use frameworks such as MITRE ATT&CK, PTES, and OWASP to structure assessments and findings.
  • Develop and improve internal tooling, including automation scripts, reporting utilities, and workflow enhancements using Python, Bash, or similar tools.
  • Participate in QA review cycles and provide feedback on findings, CVSS scoring, and report quality.
  • Mentor junior testers by providing technical guidance and reviewing findings.
  • Collaborate with delivery leadership on scoping, client kickoff calls, and remediation guidance.

Requirements

  • 3–5 years of professional penetration testing experience in a delivery or consulting environment.
  • Strong web application and API testing fundamentals, including Burp Suite proficiency.
  • Experience testing authentication and session management, with knowledge of OWASP Top 10 and beyond.
  • Solid internal network assessment skills, including AD enumeration, Kerberoasting, NTLM relay, ADCS misconfigurations, and assumed breach methodology.
  • Proficiency in scripting and automation with Python, PowerShell, Bash, or similar languages.
  • Strong written communication skills and the ability to write clear, accurate, well-scoped findings independently.
  • Familiarity with PTaaS delivery models or platform-based reporting workflows is a plus.
  • Must be US-based and eligible to work without sponsorship.
  • Preferred experience with C2 frameworks such as Cobalt Strike, Havoc, or Sliver.
  • Active involvement in cybersecurity communities, research, or bug bounty programs is preferred.
  • Certifications such as OSCP, BSCP, CRTO, GWAPT, GPEN, or equivalent practical credentials are preferred.
  • Experience with SIEM platforms or EDR tools from an adversarial perspective is preferred.

Benefits

  • Competitive compensation with performance-based equity opportunities.
  • Flexible work hours with hybrid remote options.
  • Opportunity to work with international cybersecurity experts.
  • Strong career progression in a rapidly expanding early-stage company.
  • Exposure to cutting-edge research, tools, and techniques in offensive security.
