About this Senior Penetration Tester (US) role at BreachLock

BreachLock · United States

Company Description

BreachLock is a global leader in Offensive Security including Red Teaming, Continuous Attack Surface Discovery and Penetration Testing services. We help organizations discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing, and Red Teaming. BreachLock provides an attacker's perspective that goes beyond standard vulnerabilities, enabling organizations to build a comprehensive, proactive defense strategy.

 

Role Description

Penetration Tester (Mid-Senior) | Full-Time | Remote (US)

As a penetration tester on BreachLock's US Strategic delivery team, you'll execute manual, methodology-driven engagements across web applications, APIs, and internal networks — including assumed breach simulations — for enterprise clients. You'll work directly with delivery leadership, contribute to internal tooling and quality systems, and help raise the bar for the team around you.

 

Key Responsibilities

  • Execute web application, API and mobile penetration tests with a focus on manual testing beyond automated scanning — business logic, authentication abuse, authorization flaws, and injection chains
  • Conduct internal network assessments, external network assessments and assumed breach engagements, including Active Directory enumeration, lateral movement, privilege escalation, and post-exploitation
  • Leverage frameworks including MITRE ATT&CK, PTES, and OWASP to structure assessments and findings
  • Develop and contribute to internal tooling — automation scripts, reporting utilities, and workflow improvements using Python, Bash, or similar
  • Participate in QA review cycles, providing structured feedback on findings, CVSS scoring accuracy, and report quality
  • Mentor junior testers through technical guidance and finding review
  • Collaborate with delivery leadership on scoping, client kickoff calls, and remediation guidance

Requirements

  • 3–5 years of professional penetration testing experience in a delivery or consulting context
  • Strong web application and API testing fundamentals — Burp Suite proficiency, OWASP Top 10 and beyond, authentication and session management testing
  • Solid internal network assessment skills — AD enumeration, Kerberoasting, NTLM relay, ADCS misconfigurations, assumed breach methodology
  • Proficiency in scripting and automation (Python, PowerShell, Bash)
  • Strong written communication — capable of writing clear, accurate, well-scoped findings independently
  • Familiarity with PTaaS delivery models or platform-based reporting workflows is a plus
  • US-based and eligible to work without sponsorship

 

Preferred

  • Experience with C2 frameworks (Cobalt Strike, Havoc, Sliver, or similar)
  • Active involvement in cybersecurity communities, research, or bug bounty programs
  • Certifications such as OSCP, BSCP, CRTO, GWAPT, GPEN, or equivalent practical credentials
  • Experience with SIEM platforms or EDR tools from an adversarial perspective

Benefits

  • Competitive compensation and performance-based equity opportunities
  • Flexible work hours with hybrid remote options
  • Opportunity to work with international cybersecurity experts
  • Strong career progression in a rapidly expanding early-stage company
  • Exposure to cutting-edge research, tools, and techniques in offensive security

 

About BreachLock

BreachLock is a full-stack Penetration Testing as a Service (PTaaS) solution. Using Artificial Intelligence, it helps scale human pen testers to deliver Fast, Comprehensive and Scalable Pen Testing across Applications, APIs, and Networks.
