Penetration Tester & Threat Analyst

Penetration Tester & Threat Analyst

Posted 4 days ago by 1753794741

Apply
Negotiable
Outside
Remote
USA
Apply
Application Programming Interface (API) Bash (Scripting Language) Burp Suite Common Vulnerability Scoring System (CVSS) Cyber Kill Chain Framework Mapping Software Metasploit MITRE ATT&CK Framework Nmap Offensive Security Open Web Application Security Project (OWASP) Penetration Testing Threat Modeling Vulnerability Web Applications

Summary: The Penetration Tester & Threat Analyst role focuses on manual penetration testing and threat analysis, requiring expertise in frameworks like MITRE ATT&CK and STRIDE. The position involves identifying security vulnerabilities across various platforms and providing detailed reports with remediation steps. The candidate will simulate real-world attack scenarios and collaborate with security teams to mitigate risks. This is a remote position for a contract duration of over six months.

Key Responsibilities:

  • Perform manual penetration testing of applications, APIs, and infrastructure.
  • Identify and exploit vulnerabilities that go beyond automated scans.
  • Document findings with clear risk assessments and remediation steps.
  • Use threat frameworks (MITRE ATT&CK, STRIDE, etc.) to map and contextualize issues.
  • Support threat modeling and help prioritize risks based on potential business impact.
  • Work with security, engineering, and infrastructure teams to close gaps.

Key Skills:

  • 3-7 years of experience in penetration testing or offensive security.
  • Strong manual testing skills using tools like Burp Suite, nmap, Metasploit, etc.
  • Good understanding of OWASP Top 10, CVSS scoring, and common attack techniques.
  • Experience using or referencing MITRE ATT&CK, STRIDE, or similar frameworks.
  • Ability to write clear and concise vulnerability reports.
  • Scripting skills (Python, Bash) are a plus.

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:
Job Title: Penetration Tester & Threat Analyst

Location: Remote

Type: 6+ Month Contract

Job Description:
We are looking for a Penetration Tester & Threat Analyst with experience in manual penetration testing and working knowledge of threat analysis frameworks like MITRE ATT&CK, STRIDE, or Cyber Kill Chain.
The role involves identifying security vulnerabilities manually across web applications, APIs, and infrastructure, and mapping those findings to relevant threat models. The candidate should be able to simulate real-world attack scenarios, provide detailed reports, and suggest remediation steps based on risk impact.
Responsibilities:
  • Perform manual penetration testing of applications, APIs, and infrastructure.
  • Identify and exploit vulnerabilities that go beyond automated scans.
  • Document findings with clear risk assessments and remediation steps.
  • Use threat frameworks (MITRE ATT&CK, STRIDE, etc.) to map and contextualize issues.
  • Support threat modeling and help prioritize risks based on potential business impact.
  • Work with security, engineering, and infrastructure teams to close gaps.
Requirements:
  • 3 7 years of experience in penetration testing or offensive security.
  • Strong manual testing skills using tools like Burp Suite, nmap, Metasploit, etc.
  • Good understanding of OWASP Top 10, CVSS scoring, and common attack techniques.
  • Experience using or referencing MITRE ATT&CK, STRIDE, or similar frameworks.
  • Ability to write clear and concise vulnerability reports.
  • Scripting skills (Python, Bash) are a plus.
Preferred Certifications:
  • OSCP, GWAPT, eCPPT, CPT (or similar offensive security certs)
Apply
Similar Jobs
Loading data...