About Company
Are you passionate about discovering vulnerabilities and strengthening digital defenses? Career.zycto connects elite cybersecurity professionals with groundbreaking opportunities across diverse industries. We understand the unique challenges and rewards of a penetration testing career, acting as your strategic partner to place you where your skills are most valued. Join a network where your expertise directly contributes to innovative security solutions, working with companies at the forefront of digital protection. Our mission is to empower professionals like you to thrive in dynamic, impactful roles, ensuring your next career move is both challenging and profoundly rewarding.
Job Description
Career.zycto is actively seeking a highly skilled and motivated Penetration Tester to join a dynamic cybersecurity team in San Francisco. In this critical role, you will be at the forefront of identifying, exploiting, and reporting security vulnerabilities across a diverse range of systems, applications, and networks. This isn’t just about finding flaws; it’s about proactively strengthening defenses and contributing to a more secure digital landscape for our clients. You’ll be instrumental in simulating real-world attacks, providing actionable insights, and guiding remediation efforts, directly impacting the resilience of vital infrastructure. We are looking for an individual who thrives on technical challenges, possesses a strong ethical hacking mindset, and is committed to continuous learning in the ever-evolving threat landscape. This position offers an unparalleled opportunity to work with cutting-edge technologies and collaborate with brilliant minds dedicated to pushing the boundaries of cybersecurity. If you’re ready to put your offensive security skills to the test and make a tangible difference, we invite you to explore this exciting opportunity. Your expertise will not only protect valuable assets but also help shape the future of secure systems, providing peace of mind to countless users and organizations.
Key Responsibilities
- Conduct comprehensive penetration tests on web applications, mobile applications, network infrastructure, APIs, and cloud environments (AWS, Azure, GCP) to identify security vulnerabilities.
- Develop and execute test plans, methodologies, and scripts tailored to specific client environments and project requirements, ensuring thorough coverage.
- Perform manual and automated vulnerability assessments, utilizing a wide array of industry-standard tools and custom scripts to uncover weaknesses.
- Document findings in detailed, clear, and actionable reports, presenting identified vulnerabilities, their potential impact, and practical recommendations for remediation to technical and non-technical stakeholders.
- Collaborate with development, operations, and security teams to explain security risks, guide remediation strategies, and validate the effectiveness of implemented controls.
- Stay abreast of the latest exploits, attack vectors, and security trends, continuously refining testing methodologies and knowledge to anticipate emerging threats.
- Participate in red team exercises and security incident response simulations, contributing offensive security expertise to enhance organizational preparedness.
Required Skills
- Minimum of 4 years of professional experience in penetration testing or a closely related offensive security role.
- Proficiency with common penetration testing tools such as Burp Suite, Nmap, Metasploit, Wireshark, Nessus, and Kali Linux.
- Strong understanding of network protocols (TCP/IP, HTTP/S, DNS), web application security (OWASP Top 10), and common authentication mechanisms.
- Solid scripting and programming skills (e.g., Python, Ruby, Go, PowerShell, Bash) for automation and exploit development.
- Experience with cloud security assessments (AWS, Azure, GCP) and an understanding of cloud-native attack vectors.
- Familiarity with various operating systems (Windows, Linux, macOS) and their respective security configurations.
Preferred Qualifications
- Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Security, or a related field.
- Industry certifications such as OSCP, OSCE, GPEN, GWAPT, CISSP, CEH (OSCP strongly preferred).
- Experience with secure code review and threat modeling methodologies.
- Prior experience working in a regulated industry (e.g., finance, healthcare) or with compliance frameworks (e.g., SOC 2, HIPAA, PCI DSS).
- Active participation in bug bounty programs or CTF competitions.
Perks & Benefits
- Competitive salary and performance-based bonuses.
- Comprehensive health, dental, and vision insurance plans.
- 401(k) retirement plan with company matching contributions.
- Generous paid time off, including holidays and sick leave.
- Budget for professional development, certifications, and conference attendance.
- Access to cutting-edge security tools and technologies.
- Collaborative and supportive work environment with opportunities for mentorship.
- Commuter benefits program for public transportation.
- Regular team-building events and social gatherings.
How to Apply
Ready to fortify digital defenses with your expertise? Click on the application link below to submit your resume and cover letter. We look forward to reviewing your qualifications and discussing how your skills can contribute to a safer digital future.
