Senior Penetration Tester

Somos, Littleton, CO
1d · $131,000 - $145,000

About The Position

Somos is an innovative technology company that ensures that phone calls and text messages can be trusted. Consumers don’t want spammers and fraudsters to reach them through their devices, and businesses don’t want their legitimate phone calls ignored. The solution? Developing stronger trusted digital identities. And that’s where you come in!

We are seeking a highly skilled Senior Penetration Tester to lead offensive security operations and strengthen our overall security posture. This role will drive red team exercises, manage vulnerabilities across the enterprise, oversee patch management initiatives, and own all aspects of application security testing, including SAST, DAST, and SCA. The ideal candidate will have a strong blend of technical expertise, communication skills, and the ability to collaborate across teams while providing clear guidance to both technical and non-technical stakeholders.

Requirements

  • 8 years related experience, including 5+ years of experience in penetration testing, red teaming, or offensive security roles, or an equivalent combination of education and experience.
  • Strong knowledge of network, web application, and cloud security concepts.
  • Security certifications such as CISSP, CISA, OSCP, or CEH.
  • Hands-on experience with penetration testing and red team toolsets (e.g., Burp Suite, Cobalt Strike, Metasploit, Nessus, Kali Linux, BloodHound, etc.).
  • Experience running and managing SAST, DAST, and SCA tooling (e.g., Veracode, Qualys, GitHub Advanced Security, WIZ, SonarQube).
  • Strong understanding of vulnerability scoring systems (CVSS), exploitability, and risk management.
  • Familiarity with common security standards (OWASP Top 10, NIST CSF, MITRE ATT&CK).
  • Ability to clearly communicate technical issues and risk to executives and technical teams.

Nice To Haves

  • Experience with cloud platforms (AWS, Azure, GCP).
  • Background supporting compliance frameworks (SOC 2, ISO 27001, PCI, etc.).
  • Hands-on experience in secure SDLC and CI/CD toolchains.
  • Proactive, detail-oriented, and self-driven.
  • Strong analytical and problem-solving skills.
  • Ability to work cross-functionally with Engineering, IT, Compliance, and Leadership.
  • Passionate about offensive security, emerging threats, and continuous improvement.

Responsibilities

  • Offensive Security & Penetration Testing: Lead and execute red team engagements, emulating advanced threat actors to assess detection and response capabilities.
  • Perform internal and external penetration testing across networks, applications, APIs, cloud environments, and physical security (as required).
  • Develop and manage penetration testing methodologies, tooling, and reporting standards.
  • Provide actionable remediation recommendations to engineering, DevOps, and IT teams.
  • Vulnerability Management & Patch Governance: Oversee the end-to-end vulnerability management program, including identification, prioritization, tracking, and remediation validation.
  • Partner with IT and application owners to drive timely patch management, ensuring critical vulnerabilities are addressed within SLA.
  • Continuously refine vulnerability scoring and risk-based prioritization models.
  • Application Security (AppSec): Own and maintain the organization’s SAST, DAST, and SCA tooling and processes.
  • Collaborate with development teams to integrate security testing into CI/CD pipelines.
  • Review application architecture, code, and configurations to identify security gaps.
  • Provide secure coding guidance and lead developer training sessions.
  • Audit & Compliance Support: Assist in internal and external audits, including SOC 2, ISO 27001, PCI, FISMA or other relevant frameworks.
  • Provide evidence, documentation, and subject-matter expertise during audit activities.
  • Support remediation of audit findings and control improvements.

Benefits

  • 100% Company Paid Medical, Dental and Vision insurance for you and your family!
  • 401(k) Savings Plan with Employer Contribution
  • 100% Company Paid Short- and Long-Term Disability
  • 100% Company Paid Life Insurance
  • Flexible Time Off program
  • A Variety of Voluntary Benefits