
Staff Penetration Tester

Cloudera

Kentucky

Remote

USD 100,000 - 140,000

Full time

Today

Job summary

A leading technology company is seeking a skilled security professional to enhance product security and ensure the safety of its cloud environment. With a focus on penetration testing and application security, ideal candidates will have 8-10 years of experience and the ability to work collaboratively across teams. The role offers flexibility in work arrangements and a comprehensive benefits package.

Benefits

Generous PTO Policy
Flexible WFH Policy
Mental & Physical Wellness programs
Comprehensive Benefits and Competitive Packages

Qualifications

  • 8-10 years of hands-on penetration testing experience focused on application security.
  • Experience with manual security source code review.
  • Strong knowledge of the OWASP Top 10 and common web/API vulnerabilities.

Responsibilities

  • Perform manual and automated pentesting of web apps and APIs.
  • Identify and exploit vulnerabilities, chaining findings for maximum impact.
  • Collaborate with developers, engineers, and product teams to advise on remediation.

Skills

Penetration testing
Application security
Cloud platforms (AWS, Azure, GCP)
Scripting (Python, Bash, JavaScript)
Communication skills

Tools

Burp Suite
Nmap
sqlmap
Fortify
Semgrep
Job description

Overview

At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry. Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world's largest enterprises.

Cloudera is looking for security professionals with expertise in multiple domains to join a unique blended team. Bringing both security operations knowledge and application security know-how, you and our highly collaborative team will play a crucial role in designing Cloudera’s products and ensuring the security of the Cloudera Data Platform (CDP) Public Cloud environment. In this role, you will be part of our Product Security (ProdSec) team. This team is charged with building and maintaining the operational security of our production systems while also working as a critical part of our product development process by baking security into SDLC to programmatically drive change from the design stage of the development lifecycle to the runtime of our product. Our goal is to build a cycle of improvement that involves discovering and addressing design issues using highly automated DevSecOps processes, improving current products, and reducing issues in future generations of our products.

Responsibilities

  • Perform manual and automated pentesting of web apps and APIs.
  • Identify and exploit vulnerabilities, chaining findings for maximum impact.
  • Conduct targeted assessments on internal and external networks when needed.
  • Validate and document vulnerabilities with risk ratings and clear remediation guidance.
  • Collaborate with developers, engineers, and product teams to advise on remediation.
  • Contribute to secure SDLC initiatives and AppSec review processes.
  • Create scripts to speed up testing or hand off to engineering teams.
  • Stay current with new vulnerabilities, exploits, and offensive security tools.
  • Review SAST and DAST findings to enhance the testing activity.
  • Assist in the configuration and maintenance of SAST and DAST tools.
Qualifications

  • 8-10 years of hands-on penetration testing experience, focusing on application security.
  • Experience with cloud platforms (AWS, Azure, GCP).
  • Experience with manual security source code review.
  • Strong knowledge of the OWASP Top 10 and common web/API vulnerabilities (e.g., Injection attacks, SSRF, auth bypass).
  • Experience with tools like Burp Suite, Nmap, sqlmap, and custom scripts.
  • Experience with Fortify, Semgrep, Burp Enterprise and CI/CD pipeline security.
  • Knowledge of network security testing (e.g., basic AD exposure, port scanning, misconfig checks, privilege escalation techniques).
  • Scripting ability in at least one language (Python, Bash, JavaScript, etc.).
  • Strong communication skills, especially when reporting findings and collaborating cross-functionally.
You may also have

  • Certifications like OSCP, GWAPT, CEH, or eWPTX (Nice to have, not required).
  • Knowledge of containers and Kubernetes security.

This role is not eligible for immigration sponsorship.

What you can expect from us

  • Generous PTO Policy
  • Support work life balance with Unplugged Days
  • Flexible WFH Policy
  • Mental & Physical Wellness programs
  • Phone and Internet Reimbursement program
  • Access to Continued Career Development
  • Comprehensive Benefits and Competitive Packages
  • Paid Volunteer Time
  • Employee Resource Groups

EEO/VEVRAA

