Associate Principal Penetration Tester

Dragos

2d•$150,000•Remote

About The Position

Our Professional Services Team is seeking Associate Principal Penetration Tester who will provide technical leadership across vulnerability assessments, penetration testing, and adversary emulation activities supporting customer services engagements. You will shape engagement strategy and uncover real‑world attack paths across customer networks through hands‑on exploitation and deep technical analysis, working closely with customers across critical infrastructure sectors such as oil and gas, electric, water treatment, and manufacturing. You will also translate findings into clear, actionable remediation guidance, influencing detection and platform development. You will mentor team members and be a an advisor and representative of Dragos within the broader industrial security community.

Requirements

5+ years of hands‑on cybersecurity experience focused on vulnerability assessments, penetration testing or red teaming engagements.
Deep expertise in penetration testing methodologies across white‑, gray‑, and black‑box scenarios. This includes a solid understanding of cyber threats, attack paths, exploits and adversary TTPs.
Hands-on experience with assessment and penetration testing tools such as Metasploit, NMAP, Kali Linux, Cobalt Strike, Burp Suite Pro, and common LOTL toolsets.
Proven experience with networking components (ie, routers, switches, firewalls) and common operating systems (ie, Windows, Linux).
Strong communication, reporting, and customer‑facing skills, with the ability to clearly present technical findings to both technical and non‑technical audiences.
Self‑motivated, team‑oriented, and able to work independently in a remote/distributed environment.
Willingness to travel up to 30% for customer engagements.

Responsibilities

Lead customer‑facing professional services engagements centered on penetration testing, acting as the primary technical lead and trusted advisor on high‑impact pen test, purple team, and vulnerability assessment engagements.
Shape engagement strategy and direction, aligning deep technical execution with customer business objectives to deliver meaningful, risk‑focused security value.
Set the technical standard for penetration testing across the organization by defining methodologies, assessment frameworks, and adversary emulation approaches informed by current threat intelligence.
Design and execute advanced offensive campaigns that uncover complex attack paths across IT/OT boundaries and within industrial environments.
Translate field insights into strategic inputs for Dragos R&D, influencing tooling, detection content, and analytics by identifying gaps in customer visibility, response, and prevention.
Mentor and guide cross‑functional teams while evolving internal playbooks and operational practices, and represent Dragos through executive engagements and industry thought leadership.