Penetration Tester

Bishop Fox

7h•Remote

About The Position

At Bishop Fox, security isn't just a job—it's our passion. As leaders in continuous offensive security and penetration testing, we deliver world-class customer experiences. Trusted by over a quarter of the Fortune 100, half of the Fortune 10, and top global media companies, we help safeguard digital landscapes. Our Cosmos platform, honored as Best Emerging Technology by SC Media, exemplifies our commitment to innovation. Joining Bishop Fox means collaborating with a curious and dedicated team. You'll tackle complex challenges for some of the world's most recognized organizations, securing their networks against real-world threats. With nearly 20 years of industry contributions—including 16 open-source tools and 50 security advisories published in the past five years—we're committed to making the digital world safer. We’re looking for talented, experienced professional hackers to help us secure some of the world’s most complex software and sophisticated technologies. You’ll be working alongside our US and internationally-based teams supporting clients across multiple industries.

Requirements

4+ years experience in planning, conducting, and managing web application penetration tests
5+ years of application security experience
Deep understanding of security fundamentals (OWASP), common vulnerabilities, and application security best practices
Skilled in vulnerability assessment and the development of exploits for diverse targets
Background in system and network security, authentication and security protocols, and applied cryptography is helpful
Experience with programming and scripting languages such as Python, Ruby, PowerShell, Java, JavaScript, etc.
Proficiency with operating systems- Linux, Windows, MacOS
Experience with network and system exploitation including modern tactics, techniques, and procedures (e.g. c2 frameworks, EDR bypass, privilege escalation, password cracking, lateral movement, etc.)
Strong technical reporting and documentation skills
Ability to communicate technical findings clearly to both technical and executive stakeholders, including actionable remediation guidance.

Nice To Haves

Experience reviewing Golang source code for vulnerabilities
Advanced relevant academic training, such as a degree in Computer Science or an OSCP
Experience with AWS cloud environments preferred with an understanding of its major technologies, such as IAM, EC2, VPC, EBS, S3, CloudWatch, and Lambdas, and how to keep them secure
Secondary expertise in one or more of the following areas preferred: Cloud Security Assessments, Mobile Application Security Testing, Hybrid Application Assessments, or AI/LLM Security Assessments.

Responsibilities

Testing web applications
Hacking networks
Reversing software
Working on a variety of projects which include short-term engagements and extended program work with well-established clients
Solving challenging technical problems
Building creative solutions
Providing expert opinion to help clients navigate difficult business decisions

Benefits

Comprehensive benefits program is tailored to meet your needs at an affordable price
Embrace diversity and an inclusive culture
Value our employees and who they are, which fosters a powerful and collective talent base to successfully serve our clients and the security community with unparalleled expertise.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume