Perform web application audits (common), network penetration tests (common), source code analysis (common), hardware assessments (less common), mobile penetration tests (common) across multiple industries and environments.
Create detailed penetration test reports in the English language (detailing the steps that were taken to exploit the issues and provide actionable remediation suggestions).
The ability to create/script tools and exploits during the engagement to demonstrate a vulnerability with proof or write meaningful test cases (to test all attack theories).
Expect a hands-on approach to penetration testing. Very little automation is used (we take very deep dives into our targets to provide the best results).
Work with other team members on client assessments. We are a team and work best as a group.

Capable of performing in-depth penetration tests (usually 2-3 week duration)
Strong understanding of web application and/or network vulnerabilities and mitigation controls
Good attention to detail and ability to complete tasks by the deadline
Well organized and ability to work autonomously
Technical curiosity and self-starter
Preferred: AWS penetration testing experience strongly preferred
OSCP or OSWE certification highly preferred (demonstration of exploitation capabilities or equivalent expertise can be used as a substitute)
Development experience highly desirable but not required
For senior analysts, ability to quickly become familiar with Appgate processes and progress to leading assessments

Security Researcher

Key skills