You’re a penetration tester who knows their way around source code.
You’ve plundered apps and pillaged networks (legally, of course).
You have a passion for hacking and information security.
You’ll be working alongside our US and internationally-based teams supporting clients across multiple industries.
With Bishop Fox, your responsibilities would include testing web applications, hacking networks, and reversing software.
As a consultant, you’ll work on a variety of projects which include short-term engagements and extended program work with well-established clients.
You'll solve challenging technical problems and build creative solutions.
As a trusted advisor, you’ll provide your expert opinion to help our clients navigate difficult business decisions.
Requirements
4+ years of experience in planning, conducting, and managing web application penetration tests
5+ years of application security experience
Deep understanding of security fundamentals (OWASP), common vulnerabilities, and application security best practices
Skilled in vulnerability assessment and the development of exploits for diverse targets
Background in system and network security, authentication and security protocols, and applied cryptography is helpful
Experience with programming and scripting languages such as Python, Ruby, PowerShell, Java, JavaScript, etc.
Bonus if you have experience reviewing Golang source code for vulnerabilities
Proficiency with operating systems: Linux, Windows, macOS
Experience with network and system exploitation, including modern tactics, techniques, and procedures (e.g., C2 frameworks, EDR bypass, privilege escalation, password cracking, lateral movement, etc.)
Strong technical reporting and documentation skills
Advanced relevant academic training, such as a degree in Computer Science or an OSCP, is a definite bonus
Experience with AWS cloud environments preferred, with an understanding of major AWS technologies such as IAM, EC2, VPC, EBS, S3, CloudWatch, and Lambdas, and how to keep them secure
Secondary expertise in one or more of the following areas preferred: Cloud Security Assessments, Mobile Application Security Testing, Hybrid Application Assessments, or AI/LLM Security Assessments
Ability to communicate technical findings clearly to both technical and executive stakeholders, including actionable remediation guidance
Tech Stack
AWS
Cloud
EC2
Java
JavaScript
Linux
macOS
Python
Ruby
Go
Benefits
Our comprehensive benefits program is tailored to meet your needs at an affordable price.
We embrace diversity and an inclusive culture.
We value our employees and who they are, which fosters a powerful and collective talent base.