Penetration Tester

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures, Costanoa Ventures, and others.

We are looking for a driven and skilled Penetration Tester to join our team of existing security specialists. This role is for a seasoned professional, responsible for executing comprehensive testing, identifying and reporting vulnerabilities across our wide client base.

The ideal candidate will be a proactive problem-solver with a strong technical background and a proven track record of operating as a dedicated penetration tester within a cyber security focused department or company. Applicants should have a strong understanding of common security issues and concepts such as the OWASP Top Ten, common pentesting/vulnerability assessment tools, and a passion for delivering results.

This position requires a high degree of autonomy in executing tasks while contributing to the team's overall expertise and effectiveness.

• Conduct Structured Testing to Identify Security Vulnerabilities
  • Consistently complete methodology driven penetration tests within allocated timeframes and to a quality standard that passes all internal QA checks, aiming for a utilization rate of 80%.
• Troubleshooting and Escalation
  • Promptly raise technical blockers or concerns with Technical Pentest Managers (TPMs) and work proactively to resolve them, adhering to the principle of "do no harm" to client systems.
• Specialist Expertise
  • Maintain up-to-date knowledge within a specific area of expertise and routinely update associated methodologies to reflect current best practices and threat landscapes.
• Cross-Training
  • Serve as a secondary point of contact on at least one other testing methodology to support the primary in cases of absence or unavailability.
• Submission Triage
  • Analyse, reproduce and assign severity of vulnerabilities as part of our in-house triage process for security submissions raised by the wider Crowd of testers.
• Working Hours
  • Be able to execute testing within UK core business hours (09:00 - 17:30 GMT). Some tests may fall outside of these hours, but the majority of tests will need to be completed within this timeframe.

• Experience: 2 - 3+ years of proven experience in conducting penetration tests and a track record of delivering high-quality, reliable results alongside a strong understanding of wider cybersecurity concepts and best practices.
• Technical Skills: Familiarity with commonly used command line tools (e.g. Bash, SSH, grep, etc.), security testing tools (e.g. BurpSuite, Postman, Nmap, Kali, Metasploit, etc.) and approach to penetration testing activities.
• Technical Knowledge: Ability to explain common security vulnerabilities - at a minimum, the OWASP top ten, but ideally beyond.
• Soft Skills:
  • Ability to translate technical concepts and security vulnerabilities into business risks for associated (non-technical) stakeholders, as well as explain them to more junior team mates.
  • Has an appetite for assertive conversations amongst stakeholders to drive project outcomes and deliverables.
  • Strong written and spoken business English (C1+ or native fluency).
• Certifications: Certifications such as OSCP(+) (Offensive Security Certified Professional), OSWE (OffSec Web Expert), CRT (CREST Registered Penetration Tester), etc. are considered a plus.

• At Bugcrowd, we understand that diversity in the workplace is vital to a company’s success and growth. We strive to make sure that people are included and have a sense of being part of making Bugcrowd not only a great product but a great place to work.
• We regularly hear from both customers and researchers that Bugcrowd feels like a family, and we strive to maintain that internally as well.
• Our team consists of a broad range of people: musicians, adventure sports junkies, nature lovers, parents, cereal enthusiasts, night owls, cyclists, artists—you get the point.

At Bugcrowd, we are solving security threats and vulnerabilities that are relevant to everyone, therefore we believe solving these problems takes all kinds of backgrounds. We value the perspectives and experiences people from underrepresented backgrounds bring.

This position has access to highly confidential, sensitive information relating to the technologies of Bugcrowd. It is essential that the applicant possess the requisite integrity to maintain the information in the strictest confidence.

The company is authorized to obtain background checks for employment purposes under state and federal law. Background checks will be conducted for positions that involve access to confidential or proprietary information (including trade secrets).

Background checks may include Social Security verification, prior employment verification, personal and professional references, educational verification, and criminal history. Applicants with conviction histories will not be excluded from consideration to the extent required by law.

Equal Employment Opportunity: Bugcrowd is EOE, Disability/Age Employer. Individuals seeking employment at Bugcrowd are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.

Apply at: https://www.bugcrowd.com/about/careers/