Senior Penetration Tester / Pen Test Leader (Netherlands) - Amsterdam

BreachLock is looking for New York based Penetration Testing talent with programming skills. We have multiple positions open for passionate bug bounty hunters or penetration testers that also like developing security tools using python or other technologies.

Who are we?

BreachLock is a remote first security startup that offers a unique SaaS platform delivering on-demand, continuous, and scalable security testing suitable for modern cloud and DevOps powered businesses. BreachLock is also World’s first full stack PTaaS powered by Certified Hackers and AI. We are a young and international startup with offices in Amsterdam, New York, London and New Delhi.

Some of our achievements include:

• Featured in Gartner HypeCycleas top 8 PTaaS Vendor Globally
• One of the fastest-growing SaaS companies in Cyber Security.
• HOT 150 Cybersecurity companies 2021 - Cybersecurity Ventures.
• Cyber Security Innovator for Analysis and Testing category 2019 – SC Magazine.
• Top 10 Vulnerability Management Solution for 2019 – Enterprise Security Magazine.
• Most promising Cyber Security startup 2019 – CIO Review.
• Cyber Security Innovator for the year 2019 – Mirror Review.
• Top 10 Vulnerability Assessment vendor in Gartner Peerinsight

Responsibilities

As a Senior Penetration Tester, you will be on the front lines with our clients supporting them with their cloud and Offensive Security needs. You will work with our Offensive Security team to build attack-oriented professional services practice such as (but not limited to): Red/Purple Team Operations, Penetration Testing, Breach and Attack Simulations, Cloud Penetration Testing, Social Engineering, and a variety of ad-hoc custom assessments to address unique information security concerns for clients. In this role you will:

• Drive Practice development, including improving existing offerings, creating new offerings, and mentoring team members
• Foster client relationships from Sales to Renewal Cycle by providing right solutioning, support, information, and guidance
• Support the teams on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives.
• Perform Red Team Assessments, Purple Team Assessments, Network Penetration Tests, Wireless Security Assessments, Onsite and Remote Social Engineering, and a variety of custom assessments
• Create and review comprehensive assessment reports that are technical and managerial to describe the engagement, scope, risks, and remediation recommendations

• Provide technical and administrative oversight and guidance to junior members of the team while performing technical operations
• Liasioning between technical teams and executive level professionals to relay relevant testing results and findings
• Develop marketing materials and participate in marketing activities such as creating research, speaking at conferences, authoring materials and presenting thought leadership
• Expertise on security testing frameworks and standards such as OSSTMM, OWASP, NIST SP 800-115, and MITRE ATT&CK is required
• Use automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clients
• Mastery of commercial and open source security tools including, but not limited to: Nmap, Nessus, BurpSuite, Cobalt Strike, Metasploit, Wireshark, and Aircrack-ng
• Serve as a subject matter expert on cloud cyber risk for at least one of the leading cloud platforms preferably AWS, Microsoft Azure/ Office 365.
• Support and enable junior team members across both technical and management leadership capacities.
• Provide internal cloud security technical training to Advisory personnel as needed.

Requirements

What we are looking for:

• · 6+ years combined in IT and information security experience· 5+ years of experience performing offensive/attack-oriented security assessments including penteration testing· 2+ years of experience in an enterprise-level customer facing role· Experience with various public cloud components and architectures with Azure / AWS strongly preferred.· Experience in evading security detection controlsAdditional Requirements:· Ability to travel if needed, based on the work you do and the clients and industries/sectors you serve.· Must be legally authorized to work in the Netherlands without the need for employer sponsorship, now or at any time in the future. · Experience with leading multiple distributed teams across different geographies.· Excellent teamwork and interpersonal skills.Preferred:· Prior experience working with Big-4s in similar role· Experience in creating a vision and authoring the design of cyber programs and methodologies· Experience teaching and certifying personnel to achieve goal-oriented training objectives· Other lab-based certifications such as OSCP, OSCE, GIAC, and GSE are preferred· Other relevant industry certifications, such as GPEN and GCIH· InfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producing· Experience building security tool APIs and/or services.· Experience building/automating Red Team Infrastructure.· Experience building/automating Attack Defense labs· Previous Consulting or Big 4 experience preferred.· Certifications such as: CISSP, AWS/Azure Security/DevOps/Professional Certifications, completion of Red Teaming Labs· Excellent writing and verbal communication skills.· Strong project management and organizational skills.· Knowledge of business process, user provisioning process, and security maintenance processes.

Benefits

• Opportunity to join and grow in a passionate, rapidly expanding industry
• Competitive compensation
• Ability to work remotely
• Equity plan possibilities based on performance
• Flexible work hours
• You will be working alongside international experts
• Strong career prospects in an early-stage startup