Summary of Position
Our team is seeking a Penetration Tester who wants to spend more time hacking, and less time writing reports, managing customers, and traveling.
What Sets Us Apart
We strive to develop a Work-to-Live rather than a Live-to-Work culture. Don't get us wrong, we *love* what we do, but we enjoy having personal lives too. Although, it is not unusual to find members of our team burning the midnight oil competing in Capture-the-Flag competitions, or working on personal projects.
Security is a constantly evolving and fascinating field. Because our team wants to keep up with, and pioneer, our industry, SecurityMetrics provides us with training resources, practice environments, and one-on-one coaching. Our team uses these resources to improve our methodologies, and brush up on our skills.
Our entire team works out of our headquarters in Orem, Utah.(With a stunning view of the Wasatch Mountains.) Remember how we like having personal lives? We try our best to minimize unnecessary travel. From 2014 – 2019, no Penetration Testers were asked to travel. Not only does this provide us with more time for our private lives, but it also allows us to learn, collaborate, and work together as a team.
Speaking of our team, we have been performing penetration tests for over a decade, we have also been attending Def Con as a team for just as long. Additionally, members of our team have worked previously as Developers, System Administrators, Network Administrators, Security Auditors, and more. We have a wealth of information in our group that we are looking to share, and we hope that you will add to.
- Perform network and application penetration tests
- Identify and Exploit vulnerabilities
- Document vulnerability impact to customer's environment
- Consult with customers on how to improve their security posture
- Contribute personal knowledge to the team
- Salaried full-time position
- Quality-based incentives
- Competitive benefit package
- Professional penetration testing training
- 2+ years of penetration testing experience
- Willing to work out of our Orem, UT office
Attributes We Are Interested In
The ideal candidate would possess the following attributes:
- Experience performing Network, Web Application and API penetration tests
- Expert user of Web application proxies (MiTM proxy, ZAP, Burp)
- Familiar with various API’s (REST, SOAP, JSON, etc)
- Comfortable manipulating and crafting HTTP requests
- Experience utilizing preferred suite of testing tools.
- Familiarity with the OWASP Testing Guide
- Competent at identifying and exploiting vulnerabilities (SQL Injection, Buffer Overflows, Command Execution, Cross Site Scripting, Cross Site Request Forgery, Privilege escalation, etc.)
- Comfortable documenting vulnerabilities, as well as the steps necessary to reproduce and remediate documented vulnerabilities.
- Industry Certifications – (OSCP, OSWE, GPEN)
1. Submit your resume
Make your resume the fastest way for us to get to know you, then submit it here. We will review your experience and skill-set, then get back to you within a few business days, to schedule a phone interview.
2. Phone Interview
During the phone interview, we will let you expound on your resume and tell us more about you and your background.
3. Hacking challenge
We have designed a challenge to see how you approach a penetration test. This challenge is not designed to test every area of your security knowledge, but instead, to give us some insight in to your penetration testing skills and methodology.
4. On-site Interview
After we have gotten to know you, we would like you to come out to headquarters, see our space, and go to lunch with some of our team. We will have another interview where we will talk more in-depth about your background and your goals. If we are the right fit for you, we will make an offer.