Job Description
Company Description
BreachLock is a global leader in Offensive Security including Red Teaming, Continuous Attack Surface Discovery and Penetration Testing services. We help organizations discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing, and Red Teaming. BreachLock provides an attacker’s perspective that goes beyond standard vulnerabilities, enabling organizations to build a comprehensive, proactive defense strategy.
Role Description
Penetration Tester (Mid-Senior) | Full-Time | Remote (US)
As a penetration tester on BreachLock’s US Strategic delivery team, you’ll execute manual, methodology-driven engagements across web applications, APIs, and internal networks — including assumed breach simulations — for enterprise clients. You’ll work directly with delivery leadership, contribute to internal tooling and quality systems, and help raise the bar for the team around you.
Key Responsibilities
Execute web application, API and mobile penetration tests with a focus on manual testing beyond automated scanning — business logic, authentication abuse, authorization flaws, and injection chains
Conduct internal network assessments, external network assessments and assumed breach engagements, including Active Directory enumeration, lateral movement, privilege escalation, and post-exploitation
Leverage frameworks including MITRE ATT&CK, PTES, and OWASP to structure assessments and findings
Develop and contribute to internal tooling — automation scripts, reporting utilities, and workflow improvements using Python, Bash, or similar
Participate in QA review cycles, providing structured feedback on findings, CVSS scoring accuracy, and report quality
Mentor junior testers through technical guidance and finding review
Collaborate with delivery leadership on scoping, client kickoff calls, and remediation guidance
3–5 years of professional penetration testing experience in a delivery or consulting context
Strong web application and API testing fundamentals — Burp Suite proficiency, OWASP Top 10 and beyond, authentication and session management testing
Solid internal network assessment skills — AD enumeration, Kerberoasting, NTLM relay, ADCS misconfigurations, assumed breach methodology
Proficiency in scripting and automation (Python, PowerShell, Bash)
Strong written communication — capable of writing clear, accurate, well-scoped findings independently
Familiarity with PTaaS delivery models or platform-based reporting workflows is a plus
US-based and eligible to work without sponsorship
Preferred
Experience with C2 frameworks (Cobalt Strike, Havoc, Sliver, or similar)
Active involvement in cybersecurity communities, research, or bug bounty programs
Certifications such as OSCP, BSCP, CRTO, GWAPT, GPEN, or equivalent practical credentials
Experience with SIEM platforms or EDR tools from an adversarial perspective
Competitive compensation and performance-based equity opportunities
Flexible work hours with hybrid remote options
Opportunity to work with international cybersecurity experts
Strong career progression in a rapidly expanding early-stage company
Exposure to cutting-edge research, tools, and techniques in offensive security
Additional Organization Details
- BreachLock Website
- Leadership Team
- Meet the BreachLockers Video Series
- Reuters Coverage
- CEO Interview – Cybercrime Magazine
- Seemant Sehgal Interview on RT4 & RTLZ
