Want the freedom to test the latest exploits and techniques when they are released?
Want to be notified when a client deploys a new asset so you can test it for security flaws?
Never want to write another Word/PDF report again?!
Sprocket Security is changing how the industry performs penetration testing with its Continuous Penetration Testing platform. Sprocket's services remove the artificial time constraints on pentesting while applying proven methodologies. You'll be joining a passionate team that values a unique mindset, innovation, and creativity. Join a team that's testing and securing multiple businesses at a time!
- Perform network, web application, and wireless testing methodologies at scale.
- Discover newly exploitable systems across our fleet of clients. It's fun to test that new vulnerability the day it's released!
- Build payloads and C2 infrastructure that evades defenses.
- Mimic tactics and techniques used by real-world adversaries. Show impact with post-exploitation activities.
- Perform occasional point-in-time tests and red team (covert) engagements.
- Build and perform social engineering tests at scale using the latest techniques and payloads.
- Manage our platform by conducting tasks, write findings, and work with clients to help detect and prevent.
- Develop tools and contribute to our automated infrastructure. You'll commonly program in the following languages: Ruby, Python, PowerShell, C# Bash, etc.
- Advanced usage of the following tools: Burp Suite Pro, Nessus, Metasploit, CobaltStrike, etc.
- Manage project lifecycles and present professionally to clients. Kickoff calls, debriefs, etc.
- Work closely with development teams to migrate human-driven tasks into automation. Work with AWS, Azure, terraform, ansible, and gitlab pipelines.
- Two or more years of hands-on penetration testing experience.
- OSCP or equivalent skills-based certification.
- Detailed knowledge of identifying and exploiting vulnerabilities in Windows, Linux, and cloud -based systems.
- Clear and concise verbal and written skills.
- Ability to manage time efficiently while working remotely and without being micromanaged.
- Contributes to industry via conference talks and tools or research (show us your git repos!).
- Social engineering (physical, phishing, vishing) experience.
- Red team, purple team, and adversary simulation experience.
- Experience managing or working with management on security projects and teams. Bonus if CISSP certified.
- Remote work acceptable. Preferred proximity to Madison, WI
- Company matched 401k (immediate eligibility, no one should have to wait to start saving)
- Unlimited time off
- Health insurance
- Work remotely (Sprocket is a remote first company)