# Senior Penetration Tester (US) > BreachLock · United States (Remote) · Full-time · Posted 2026-05-25 **Workplace:** remote **Department:** Pen Testing ## Description **Company Description** BreachLock is a global leader in Offensive Security including Red Teaming, Continuous Attack Surface Discovery and Penetration Testing services. We help organizations discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing, and Red Teaming. BreachLock provides an attacker's perspective that goes beyond standard vulnerabilities, enabling organizations to build a comprehensive, proactive defense strategy. **Role Description** **Penetration Tester (Mid-Senior)** | Full-Time | Remote (US) As a penetration tester on BreachLock's US Strategic delivery team, you'll execute manual, methodology-driven engagements across web applications, APIs, and internal networks — including assumed breach simulations — for enterprise clients. You'll work directly with delivery leadership, contribute to internal tooling and quality systems, and help raise the bar for the team around you. **Key Responsibilities** - Execute web application, API and mobile penetration tests with a focus on manual testing beyond automated scanning — business logic, authentication abuse, authorization flaws, and injection chains - Conduct internal network assessments, external network assessments and assumed breach engagements, including Active Directory enumeration, lateral movement, privilege escalation, and post-exploitation - Leverage frameworks including MITRE ATT&CK, PTES, and OWASP to structure assessments and findings - Develop and contribute to internal tooling — automation scripts, reporting utilities, and workflow improvements using Python, Bash, or similar - Participate in QA review cycles, providing structured feedback on findings, CVSS scoring accuracy, and report quality - Mentor junior testers through technical guidance and finding review - Collaborate with delivery leadership on scoping, client kickoff calls, and remediation guidance ## Requirements - 3–5 years of professional penetration testing experience in a delivery or consulting context - Strong web application and API testing fundamentals — Burp Suite proficiency, OWASP Top 10 and beyond, authentication and session management testing - Solid internal network assessment skills — AD enumeration, Kerberoasting, NTLM relay, ADCS misconfigurations, assumed breach methodology - Proficiency in scripting and automation (Python, PowerShell, Bash) - Strong written communication — capable of writing clear, accurate, well-scoped findings independently - Familiarity with PTaaS delivery models or platform-based reporting workflows is a plus - US-based and eligible to work without sponsorship **Preferred** - Experience with C2 frameworks (Cobalt Strike, Havoc, Sliver, or similar) - Active involvement in cybersecurity communities, research, or bug bounty programs - Certifications such as OSCP, BSCP, CRTO, GWAPT, GPEN, or equivalent practical credentials - Experience with SIEM platforms or EDR tools from an adversarial perspective ## Benefits - Competitive compensation and performance-based equity opportunities - Flexible work hours with hybrid remote options - Opportunity to work with international cybersecurity experts - Strong career progression in a rapidly expanding early-stage company - Exposure to cutting-edge research, tools, and techniques in offensive security **Additional Organization Details** - [BreachLock Website](https://www.breachlock.com/) - [Leadership Team](https://www.breachlock.com/about/leadership/) - [Meet the BreachLockers Video Series](https://www.youtube.com/watch?v=asewHeTvJoQ&list=PLDnjJvaOd9VFsMCLiTgxUL95LvRf_ESJE&index=14) - [Reuters Coverage](https://youtu.be/OCe63fIlI-4?si=k0wmetVzzSREMr6a) - [CEO Interview – Cybercrime Magazine](https://www.youtube.com/watch?v=jvV4vUGV0NA) - [Seemant Sehgal Interview on RT4 & RTLZ](https://www.youtube.com/watch?v=8E1rvzV1XX0&t=6s) ## Apply [Apply at BreachLock](https://apply.workable.com/breachlock/j/161DD6D8C3/apply) --- Powered by [Workable](https://www.workable.com)