Senior Penetration Tester at Lams Technology LLC
Remote, Oregon, USA
Full Time


Start Date

Immediate

Expiry Date

19 Nov, 25

Salary

140000.0

Posted On

20 Aug, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cloud, Python, CSRF, Reverse Engineering, Mastery, Thinking Skills, Testing Tools, Azure, NIST, Threat Modeling, Ethics, Nmap, XSS, Communication Skills, JavaScript, Kali Linux, Metasploit, AWS, Secure Code Review, Wireshark, Burp Suite, GWAPT, Mobile Testing, PowerShell

Industry

Information Technology/IT

Description

Senior Penetration Tester (5+ Years Experience)
Location: 100% REMOTE
Department: Information Security
Employment Type: Full-Time
Salary Range: [Specify Range, e.g., $120,000 - $160,000 + Bonus/Benefits]

The Opportunity

We are seeking a highly skilled and experienced Senior Penetration Tester to join our dynamic Security team. You will play a critical role in proactively identifying and mitigating security vulnerabilities across our complex technology landscape, including network infrastructure, web/mobile applications, cloud environments (AWS/Azure/GCP), APIs, and potentially IoT/OT systems. This is not just about finding flaws; it’s about providing actionable intelligence, mentoring junior team members, and helping shape our defensive strategies.

Key Responsibilities

  • Plan & Execute Comprehensive Engagements: Lead the end-to-end process of penetration tests, including scoping, reconnaissance, threat modeling, exploitation, post-exploitation, and detailed reporting. Adapt methodologies (OSSTMM, NIST SP 800-115, PTES) to specific targets.
  • Diverse Target Testing: Conduct sophisticated penetration tests against:
      • External/Internal Network Infrastructure (Firewalls, Routers, Switches, Servers, Active Directory)
      • Web Applications (Frontend, Backend, APIs - REST/SOAP/GraphQL)
      • Mobile Applications (iOS, Android - Static & Dynamic Analysis)
      • Cloud Infrastructure & Services (AWS, Azure, GCP - IAM, Storage, Compute, Serverless)
      • Wireless Networks (WPA2/3, Rogue APs)
      • Social Engineering (Phishing Campaigns, Vishing, Physical Security Assessments)
      • Potentially: IoT Devices, Embedded Systems, SCADA/OT environments.
  • Advanced Vulnerability Discovery & Exploitation: Go beyond automated scanners. Utilize manual testing techniques to identify complex business logic flaws, chained vulnerabilities, and zero-day threats. Develop custom exploits and scripts (Python, Ruby, Bash, PowerShell) as needed.
  • Thorough Documentation & Reporting: Produce clear, concise, and highly technical reports tailored to both executive leadership and technical remediation teams. Detail findings, evidence (screenshots, traffic captures), CVSS scoring, realistic business impact analysis, and prioritized, actionable remediation guidance. Deliver verbal debriefs.
  • Validation & Remediation Support: Actively collaborate with IT, Development, and Cloud teams to validate remediation efforts and verify fixes, ensuring vulnerabilities are effectively closed.
  • Security Tool Mastery: Expertly utilize industry-standard tools (e.g., Burp Suite Pro, Metasploit Pro, Nmap, Nessus/Qualys, Kali Linux suite, Cobalt Strike, BloodHound, Wireshark, custom scripts) and stay abreast of emerging tools/techniques.
  • Methodology & Process Improvement: Contribute to refining the penetration testing methodology, playbooks, and security standards within the organization.
  • Knowledge Sharing & Mentorship: Share expertise through technical presentations, brown-bag sessions, and mentorship of junior penetration testers or security analysts.
  • Research & Threat Intelligence: Stay ahead of the curve by researching new vulnerabilities, attack vectors, and offensive security trends. Apply threat intelligence to testing activities.

Required Qualifications & Experience

  • 5+ Years of Professional Experience: Hands-on penetration testing experience across multiple domains (Network, Web App, Cloud) in complex enterprise environments.
  • Deep Technical Proficiency:
      • Mastery of TCP/IP networking, protocols, and services.
      • Expert knowledge of common web vulnerabilities (OWASP Top 10, API Top 10) and exploitation techniques (SQLi, XSS, CSRF, SSRF, RCE, XXE, etc.).
      • Strong understanding of Operating System internals (Windows, Linux) and hardening principles.
      • Proven experience exploiting network vulnerabilities (misconfigurations, protocol weaknesses, credential attacks).
      • Solid understanding of Active Directory exploitation techniques (Kerberoasting, Pass-the-Hash, Golden Ticket, ACL abuses).
      • Experience testing cloud environments (AWS, Azure, or GCP) and understanding their unique security risks & misconfigurations.
      • Proficiency with scripting/automation (Python, PowerShell, Bash, Ruby).
  • Methodology & Standards: Demonstrated experience applying structured penetration testing methodologies (PTES, OSSTMM, NIST).
  • Tool Expertise: Extensive hands-on experience with core pentesting tools (Burp Suite, Metasploit, Nmap, Nessus/Qualys, Cobalt Strike, BloodHound, Wireshark, Kali Linux).
  • Certifications: At least one major industry certification is mandatory:
      • Offensive Security Certified Professional (OSCP) - Highly Preferred
      • Offensive Security Certified Expert (OSCE)
      • GIAC Penetration Tester (GPEN)
      • GIAC Web Application Penetration Tester (GWAPT)
      • Certified Ethical Hacker (CEH)
  • Communication: Exceptional written and verbal communication skills. Ability to translate complex technical findings into business impact for diverse audiences.
  • Problem Solving: Outstanding analytical and critical thinking skills with a persistent, creative, and thorough approach to problem-solving.
  • Ethics: Unwavering commitment to high ethical standards and professionalism.

Preferred Qualifications

  • Advanced Certifications: OSCE, OSEE, OSWE, GXPN, GCPN, CREST CRT/CCT (Infrastructure or Web), CCSAS/CCSAM.
  • Cloud Certifications: AWS Certified Security Specialty, Azure Security Engineer Associate, GCP Professional Security Engineer.
  • Mobile Testing: Deep experience with iOS/Android testing tools (MobSF, Frida, Objection) and reverse engineering.
  • Red Teaming: Experience participating in or leading red team engagements.
  • Secure Code Review: Ability to perform manual secure code reviews (Java, .NET, Python, JavaScript).
  • Development Background: Previous experience as a software developer.
  • Threat Modeling: Experience with threat modeling methodologies (STRIDE, PASTA).
  • Container Security: Experience assessing Docker/Kubernetes security.
  • Source Code Analysis: Experience with SAST/SCA tools.

What We Offer

  • Competitive salary and comprehensive benefits package (Health, Dental, Vision, 401k matching).
  • Generous paid time off (PTO) and company holidays.
  • Significant opportunities for professional development (training, conferences, certifications).
  • A challenging and rewarding role with direct impact on company security.
  • Access to cutting-edge tools and technologies.
  • Collaborative and supportive team environment.

Job Types: Full-time, Permanent
Pay: $111,000.00 - $140,000.00 per year

Benefits:

  • 401(k)
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance

Work Location: Remote
