Junior Penetration Tester

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd, visit bugcrowd.com. Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures, Costanoa Ventures, and others.

We are seeking a motivated and driven Junior Penetration Tester to join our team of existing security specialists. This role is a foundational position, focused on developing core skills in offensive security testing under the guidance of more senior team members.

As a Junior Penetration Tester, you will be responsible for working through existing methodologies and applying them against assigned targets to identify security vulnerabilities. This will support the team\'s overall mission of helping improve our client’s infrastructure and codebase by raising high quality (and often high impact) security concerns as evidenced by your capability to exploit.

This is an excellent opportunity for an individual with a strong passion for cybersecurity to learn and grow within an elite offensive security team.

• Conduct Structured Testing to Identify Security Vulnerabilities:
  • Demonstrating a functional understanding of modern attack vectors and penetration testing software as well as being technically capable of using them in the identification of security vulnerabilities in Web applications, APIs and network infrastructure.
  • Consistently complete assigned penetration tests within allocated timeframes, and in accordance with our methodologies.
• Continuous Learning:
  • Actively engage in keeping up-to-date with fundamental security concepts and core testing tools, applying newly acquired knowledge under instruction and supervision.
• Problem Identification & Escalation:
  • Promptly identify and effectively communicate technical blockers or concerns to mentors or Technical Pentest Managers (TPMs) as needed, actively seeking clarification and guidance to avoid missteps.
• Team Support & Documentation:
  • Assist in test retrospectives, documentation of processes, and provide support to more senior team members as directed by the team lead or manager.
• Working Hours:
  • Be able to execute testing within UK core business hours (09:00 - 17:30 GMT). Some tests may fall outside of these hours, but the majority of tests will need to be completed within this timeframe.

• Experience: 6+ months as a penetration tester (or equivalent demonstrable experience) with a foundational understanding of wider cybersecurity concepts and best practices.
• Technical Skills: Familiarity with commonly used security testing tools (e.g. BurpSuite, Nmap) and approach to penetration testing activities.
• Soft Skills:
  • Strong desire to learn, good communication skills for peer and mentor interactions, and the ability to follow instructions.
  • Strong written and spoken business English (C1+ or native fluency).
• Certifications: Certifications such as CEH (Certified Ethical Hacker), OSCP(+) (Offensive Security Certified Professional), CPSA (CREST Practitioner Security Analyst), etc. are considered a plus.

• At Bugcrowd, we understand that diversity in the workplace is vital to a company’s success and growth. We strive to make sure that people are included and have a sense of being part of making Bugcrowd not only a great product but a great place to work.
• We regularly hear from both customers and researchers that Bugcrowd feels like a family, and we strive to maintain that internally as well.
• Our team consists of a broad range of people: musicians, adventure sports junkies, nature lovers, parents, cereal enthusiasts, night owls, cyclists, artists—you get the point.

At Bugcrowd, we are solving security threats and vulnerabilities that are relevant to everyone, therefore we believe solving these problems takes all kinds of backgrounds. We value the perspectives and experiences people from underrepresented backgrounds bring.

This position has access to highly confidential, sensitive information relating to the technologies of Bugcrowd. It is essential that the applicant possess the requisite integrity to maintain the information in the strictest confidence.

The company is authorized to obtain background checks for employment purposes under state and federal law. Background checks will be conducted for positions that involve access to confidential or proprietary information (including trade secrets).

Background checks may include Social Security verification, prior employment verification, personal and professional references, educational verification, and criminal history. Applicants with conviction histories will not be excluded from consideration to the extent required by law.

Equal Employment Opportunity:

Bugcrowd is EOE, Disability/Age Employer.

Individuals seeking employment at Bugcrowd are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.

Apply at: https://www.bugcrowd.com/about/careers/