Senior Pentester
Synack’s Penetration Testing as a Service platform manages customers’ attack surfaces by discovering new assets, pentesting for critical vulnerabilities and gaining visibility into the root causes of security risks. We are committed to making the world more secure by harnessing a talented, vetted community of security researchers to deliver continuous penetration testing and vulnerability management, with actionable results. Synack's PTaaS platform has uncovered more than 71,000 exploitable vulnerabilities to date, protecting a growing list of Global 2000 customers and U.S. agencies in a FedRAMP Moderate Authorized environment. For more information, please visit www.synack.com.
We are looking for a talented penetration tester with experience in various types of offensive security engagements to help us establish and build a new team within Synack. Since the team is new and will start small, we are seeking candidates with a variety of skills who are looking to collaborate with one another and pick up things that they haven’t already mastered on the fly.
Please note: This is a remote position based in the U.S. Due to federal government contract requirements, we can only hire U.S. citizens for this position.
Sounds interesting? Keep reading...
Here’s what you'll do
Participate in discussions with clients to learn about their environment and applications, learn about what they want tested, agree upon scope and Rules of Engagement, and organize test schedules.
Conduct independent and collaborative penetration tests across infrastructure, web applications, mobile platforms, APIs, and cloud environments
Design and execute test plans simulating real-world adversarial behavior
Identify, exploit, and document vulnerabilities with technical detail, reproducible steps, and business impact analysis
Write professional reports including technical results, risk ratings, and mitigation recommendations
Translate technical findings into business impact and recommendations for security hardening.
Track evolving TTPs, zero-day research, and attack surface changes relevant to client environments
Here’s what you’ll need
Experience aligning engagement reporting with the MITRE ATT&CK framework.
Experience briefing engagement results to “C-suite” and executive level federal employees.
A Red Team specific certification such as the CRTO or GRTP.
2+ years of experience performing adversary emulation against commercial or federal environments.
5+ years of experience penetration testing in one or more of these areas: Active Directory, web application, host, cloud, ICS/SCADA
Proven experience in bypassing industry WAF (e.g. Akamai, Cloudflare, F5).
Proven experience in post-exploitation techniques (e.g. lateral movement, evasion, persistence, etc.).
Experience with various command and control (C2) frameworks such as Cobalt Strike, Sliver, Merlin, etc.
Familiarity with common cloud security vulnerabilities and exploit vectors (e.g. common misconfigurations, etc.).
Experience with both assumed breach scenarios and scenarios where breaching the perimeter is required.
Excellent written and verbal communication skills.
Strong understanding of vulnerability classes (e.g., OWASP Top 10, CWE Top 25) and exploitation techniques
Experience with threat modeling methodologies: PASTA, TRIKE, STRIDE
Scripting or automation in Python, Bash, or PowerShell
Strong communication and technical documentation skills
Experience scoping penetration testing engagements
Experience briefing engagement results to different customer levels
Experience classifying vulnerabilities using CVSS
At least one advanced industry certification, i.e. OSCP, OSWE, OSEP
Candidates must be US citizens.
Here’s what will make you standout
Multiple advanced industry certifications (OSCP, GPEN, GWAPT, or CISSP, CISA, CRISC)
Experience performing Red Team and Purple Team exercises
Experience coding in programming languages like C++, C, C#
A Security Clearance
Ready to join us?
Synack is committed to embracing diversity. Our people are our strength. Each addition to our team is an opportunity to grow and diversify our ideas, experiences, and viewpoints. Synack strives to be inclusive of all people.
As a candidate, Synack cares about your privacy. Please view our candidate privacy policy here.
This position has responsibility to ensure Synack’s security and privacy posture is maintained.
$125,000 - $185,000 Salary is determined by a combination of factors including location, level, relevant experience, and skills. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. The compensation package for this position may also include equity, and benefits. For more details about our benefits, please see here. Then for the Employer code, enter: synack
About the job
Apply for this position
Senior Pentester
Synack’s Penetration Testing as a Service platform manages customers’ attack surfaces by discovering new assets, pentesting for critical vulnerabilities and gaining visibility into the root causes of security risks. We are committed to making the world more secure by harnessing a talented, vetted community of security researchers to deliver continuous penetration testing and vulnerability management, with actionable results. Synack's PTaaS platform has uncovered more than 71,000 exploitable vulnerabilities to date, protecting a growing list of Global 2000 customers and U.S. agencies in a FedRAMP Moderate Authorized environment. For more information, please visit www.synack.com.
We are looking for a talented penetration tester with experience in various types of offensive security engagements to help us establish and build a new team within Synack. Since the team is new and will start small, we are seeking candidates with a variety of skills who are looking to collaborate with one another and pick up things that they haven’t already mastered on the fly.
Please note: This is a remote position based in the U.S. Due to federal government contract requirements, we can only hire U.S. citizens for this position.
Sounds interesting? Keep reading...
Here’s what you'll do
Participate in discussions with clients to learn about their environment and applications, learn about what they want tested, agree upon scope and Rules of Engagement, and organize test schedules.
Conduct independent and collaborative penetration tests across infrastructure, web applications, mobile platforms, APIs, and cloud environments
Design and execute test plans simulating real-world adversarial behavior
Identify, exploit, and document vulnerabilities with technical detail, reproducible steps, and business impact analysis
Write professional reports including technical results, risk ratings, and mitigation recommendations
Translate technical findings into business impact and recommendations for security hardening.
Track evolving TTPs, zero-day research, and attack surface changes relevant to client environments
Here’s what you’ll need
Experience aligning engagement reporting with the MITRE ATT&CK framework.
Experience briefing engagement results to “C-suite” and executive level federal employees.
A Red Team specific certification such as the CRTO or GRTP.
2+ years of experience performing adversary emulation against commercial or federal environments.
5+ years of experience penetration testing in one or more of these areas: Active Directory, web application, host, cloud, ICS/SCADA
Proven experience in bypassing industry WAF (e.g. Akamai, Cloudflare, F5).
Proven experience in post-exploitation techniques (e.g. lateral movement, evasion, persistence, etc.).
Experience with various command and control (C2) frameworks such as Cobalt Strike, Sliver, Merlin, etc.
Familiarity with common cloud security vulnerabilities and exploit vectors (e.g. common misconfigurations, etc.).
Experience with both assumed breach scenarios and scenarios where breaching the perimeter is required.
Excellent written and verbal communication skills.
Strong understanding of vulnerability classes (e.g., OWASP Top 10, CWE Top 25) and exploitation techniques
Experience with threat modeling methodologies: PASTA, TRIKE, STRIDE
Scripting or automation in Python, Bash, or PowerShell
Strong communication and technical documentation skills
Experience scoping penetration testing engagements
Experience briefing engagement results to different customer levels
Experience classifying vulnerabilities using CVSS
At least one advanced industry certification, i.e. OSCP, OSWE, OSEP
Candidates must be US citizens.
Here’s what will make you standout
Multiple advanced industry certifications (OSCP, GPEN, GWAPT, or CISSP, CISA, CRISC)
Experience performing Red Team and Purple Team exercises
Experience coding in programming languages like C++, C, C#
A Security Clearance
Ready to join us?
Synack is committed to embracing diversity. Our people are our strength. Each addition to our team is an opportunity to grow and diversify our ideas, experiences, and viewpoints. Synack strives to be inclusive of all people.
As a candidate, Synack cares about your privacy. Please view our candidate privacy policy here.
This position has responsibility to ensure Synack’s security and privacy posture is maintained.
$125,000 - $185,000 Salary is determined by a combination of factors including location, level, relevant experience, and skills. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. The compensation package for this position may also include equity, and benefits. For more details about our benefits, please see here. Then for the Employer code, enter: synack