Senior Analyst, Cyber Security GRC (Penetration Tester)

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, or related technical field.
• 3+ years of experience in penetration testing, red teaming, or vulnerability research.
• Experience performing both application and infrastructure testing, including cloud and hybrid environments.
• Proficient with static and dynamic analysis tools, scripting, and exploit development.
• Certifications such as OSCP, GPEN, or equivalent technical credentials
• Proficiency with tools including Burp Suite Pro, Nmap, Nessus, Metasploit, BloodHound, and CrowdStrike Falcon.
• Experience conducting web, API, cloud, and infrastructure penetration testing.
• Strong understanding of authentication mechanisms, encryption, and secure software design principles.
• Intermediate to advanced ability in scripting languages such as Python, PowerShell, or Bash.
• Ability to perform static and dynamic source code analysis.
• Strong written and verbal communication skills to explain complex vulnerabilities to both technical and non-technical audiences.
• Ability to mentor and guide junior team members on testing methodology and report quality.
• Effectively collaborates across AppSec, InfraSec, and development teams.
• Operates independently on complex engagements with minimal supervision.
• Capable of scoping and defining objectives for penetration tests based on risk assessments.
• Develops and applies new testing techniques for emerging technologies.
• Anticipates potential attack paths and proactively strengthens detection and prevention capabilities.

Nice To Haves

• Experience with DevSecOps pipelines, CI/CD testing integration, or API fuzzing preferred
• Knowledge of compliance frameworks (PCI DSS, ISO 27001, CIS 18, NIST) preferred
• Experience validating security controls via EDR tools such as CrowdStrike Falcon or SentinelOne preferred
• Prior experience mentoring or leading technical exercises preferred

Responsibilities

• Plan, execute, and report on penetration tests of web, API, mobile, and infrastructure systems independently.
• Perform source code analysis to identify and validate application vulnerabilities.
• Develop custom scripts or proof-of-concept exploits to demonstrate impact of vulnerabilities.
• Perform post-exploitation analysis and validate detections using tools such as CrowdStrike Falcon.
• Collaborate with development and operations teams to guide remediation and conduct retests.
• Contribute to internal methodologies and documentation to improve testing consistency.
• Mentor junior penetration testers and share best practices across the team.
• Participate in red team and adversary simulation exercises to assess overall defense capabilities.

Benefits

• Medical, vision, dental and mental health benefits for you and your family, with access to a health care concierge, and Flexible or Health Savings Accounts (FSA or HSA)
• Free concert tickets, generous paid time off including paid holidays, sick time, and personal days
• 401(k) program with company match, stock reimbursement program
• New parent programs including caregiver leave and baby bonuses, plus fertility, adoption, foster, or surrogacy support
• Career and skill development programs with School of Live, tuition reimbursement, and student loan repayment
• Volunteer time off, crowdfunding match