Summary of Position

Our team is seeking an individual to join our penetration testing team who wants to spend more time hacking, less time managing customers and traveling.

What Sets Us Apart

We strive to develop a Work-to-Live rather than a Live-to-Work culture. Don't get us wrong, we *love* what we do, but we enjoy having personal lives too. Although, members of our team have been known to burn the midnight oil participating in Capture-the-Flag events, hunting bug bounties, or working on personal projects.

Security is a constantly evolving and fascinating field. SecurityMetrics provides us with training resources, practice environments, and one-on-one coaching. Our team uses these resources to improve our methodologies, and brush up on our skills.

Remember how we like having personal lives? We try our best to minimize unnecessary travel. In 2023, we only had 0 days of travel across our whole team. Not only does this provide us with more time for our private lives, but it also allows us to learn, collaborate, and work together as a team.

Speaking of our team, we have been performing penetration tests for over a decade, we have also been attending DefCon as a team for just as long. Additionally, members of our team have worked previously as Developers, System Administrators, Network Administrators, and more. We have a wealth of information in our group that we are looking to share, and we hope that you will add to it.

Job Responsibilities

- Perform application, internal, and external penetration tests

- Identify and Exploit vulnerabilities without negatively impacting the customer’s environment

- Document vulnerability impact to customer's environment

- Consult with customers on how to improve their security posture

- Contribute personal knowledge to the team

Compensation

- Salaried full-time position

- Quality-based incentives

- Competitive benefit package

- Professional penetration testing training

Job Requirements

- 2 years of penetration testing or bug bounty experience (optional, but preferred) 

- Willing to relocate to Utah, Colorado, or Oregon (as needed)

- Fluent in English

- Access to reliable, high speed internet connection

Attributes We Are Interested In

The ideal candidate would possess the following attributes:

- Passion for security

- Disciplined

- Self-starter

- Experience with training platforms (i.e., HackTheBox, Portswigger Web Security Academy, etc.)

Skills We Are Interested In

The ideal candidate would possess the following skills:

- Familiar with Web application proxies (MiTM proxy, ZAP, Burp)

- Comfortable manipulating and crafting HTTP requests

- Competent at identifying and exploiting web application vulnerabilities (SQL Injection, XML External Entity Injection, Command Injection, Cross Site Scripting, Server Side Request Forgery, etc.)

- Familiar with various API’s (REST, SOAP, JSON, etc)

- Familiar with exploiting and chaining vulnerabilities to maximize their impact

- Familiarity with the OWASP Testing Guide

- Competent at identifying and exploiting network vulnerabilities (Active Directory misconfigurations, known vulnerabilities, etc.)

- Competent at enumerating and mapping an internal network 

- Comfortable documenting vulnerabilities, as well as the steps necessary to reproduce and remediate documented vulnerabilities

- Industry Certifications – (OSCP, PNPT, BSCP, CRTO, etc.)

Application Process

1. Submit your resume

Make your resume the fastest way for us to get to know you, then submit it here. We will review your experience and skill-set, then get back to you within a few business days, to schedule a phone interview.

1. Phone Interview

During the phone interview, we will let you expound on your resume and tell us more about you and your background.

1. Technical challenge

We have designed a challenge to see how you approach a penetration test and solving problems. This challenge is not designed to test every area of your security knowledge, but instead, to give us some insight into your penetration testing methodology and report writing.

1. Second Interview

After we have gotten to know you, we would like you to meet with a couple members of the team. We will have another interview where we will talk more in-depth about your background and your goals. If we are the right fit for you, we will make an offer.