Senior Penetration Tester
Phylum
Looking for an innovative, high-growth, multi-award-winning company in one of the hottest segments of the security market? Look no further than Veracode!
Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment.
Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.
Responsibilities:
- Determine and translate the department delivery strategy into actionable and measurable results.
- Provide engagement oversight, ensuring delivery success and customer satisfaction.
- Contribute to the ongoing maintenance of best practices, which can be referenced by colleagues, customers, prospects, and other external parties.
- Resolve complex problems that arise in everyday work and escalate more complex problems to director level.
- Maintain utilization target by delivering Security Consulting and assisting other team members with billable work. Non-billable work may consist of internal initiatives or other projects.
- Lead and contribute to the development of tooling and automation to improve team and client productivity.
- Act as an ambassador to other departments within Veracode, including Customer Success, Solutions Architecture, Sales, and Engineering and Product Management.
Desired Experience:
- Bachelor's degree or global equivalent in a related field.
- 4+ years of penetration testing experience.
- Excellent verbal and written communication and presentation skills; ability to work under pressure collaboratively to solve complex problems; strong attention to detail a must.
- CREST, OSCP, OSCE, OSEP, GWAPT, GXPN, or similar certifications
- Experience with cloud security testing (AWS, Azure, GCP)
- Strong understanding of security frameworks and vulnerabilities (e.g., OWASP, CVSS, NIST)
- Experience using tools like Burp Suite, Nmap, Metasploit, Kali Linux, etc.
- Solid scripting skills in Python, Bash, or PowerShell (for tool development or automation)
- Understanding of AI-specific attack vectors, such as prompt injection, data poisoning, model inversion, or adversarial inputs
- Familiarity with general application and network security concepts including testing web applications, mobile applications, web services, network infrastructures, and thick-client applications.
- Familiarity with software architecture and design, application security concepts, and engineering processes.
- Knowledge of current and emerging technologies, tools, methodologies, information security principles, and impact to the security consulting industry.
- Previous experience working with software development.
- Experience creating standard practices, policies, and guidelines to help streamline operational functions.
Fraudulent Recruitment Alert - Be Aware and Stay Informed
At Veracode, we prioritize a secure recruitment process. Unfortunately, fake recruitment and job offer scams are on the rise. They aim to deceive candidates through emails and calls to obtain sensitive information.
Here’s our recruitment promise to you:
- Comprehensive Interview Process: We never extend job offers without a comprehensive interview process involving our recruitment team and hiring managers.
- Offer Communications: Our job offers are not sent solely through email, and we will never ask you to pay for your own hardware.
- Email Verification: Recruiting emails from Veracode will always originate from an “@veracode.com” email address.
If you have any doubts about the authenticity of an email, letter, or telephone communication claiming to be from Veracode, please reach out to us at careers@veracode.com before taking any further action.