FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.
Cloud Penetration Tester
Bishop FoxCloud Penetration Tester at Bishop Fox engaging in security assessments and consulting roles. Collaborating with teams to secure digital landscapes and provide actionable remediation guidance.
Tech Stack
Tools & technologiesAWSCloudDNSJavaLinuxMacOSPythonSDLCTCP/IP
About the role
Key responsibilities & impact- Perform hands-on security testing
- Analyze application behavior
- Review source code
- Identify realistic exploitation scenarios
- Validate security controls across modern architectures
- Work closely with clients and internal teams to deliver high-quality technical assessments and actionable remediation guidance
Requirements
What you’ll need- 4+ years of experience in application security assessments, penetration testing, or offensive security engagements
- Strong understanding of application security fundamentals, modern attack techniques, and common vulnerabilities affecting web applications, APIs, mobile applications, and cloud-native environments
- Hands-on experience testing REST APIs, including authentication/authorization flaws, IDORs, injection vulnerabilities, session management issues, and business logic flaws
- Strength with AWS services and cloud security concepts, including IAM, STS, S3, Lambda, API Gateway, CloudTrail, CloudWatch, and secure communication patterns such as SigV4
- Solid understanding of networking and web fundamentals, including HTTP/HTTPS, TCP/IP, DNS, API communication flows, cookies, headers, and related concepts
- Experience reviewing source code for security issues in Java, C#, and Python applications
- Knowledge of secure coding principles and common risks such as SSRF, insecure deserialization, injection vulnerabilities, sensitive data exposure, and insecure cloud integrations
- Understanding of SDLC, CI/CD pipelines, and secure development practices
- Experience using security assessment and code review tools such as Burp Suite, Semgrep, Git, AWS CLI, and API testing/debugging tools
- Comfortable working across Linux, Windows, and macOS environments
- Experience or strong interest in AI/LLM security, including prompt injection, RAG risks, insecure integrations, excessive permissions, and the OWASP Top 10 for LLM Applications
- Strong written and verbal communication skills, with the ability to deliver clear, actionable findings and communicate technical risks to both technical and executive stakeholders
- Experience following structured testing methodologies, documentation standards, and validation/retesting workflows
- Strong collaboration and interpersonal skills when working with security, engineering, and client teams
- Ability to manage multiple concurrent engagements while maintaining high-quality deliverables and attention to detail
- Curious, adaptable, and professional mindset with a passion for continuous learning and emerging security trends
Benefits
Comp & perks- Generous Time Off and Company-Wide Holidays
- Team Events and International Travel Opportunities
- Work From Home Support
- Training Budget
- Saving Fund
- Food Coupons
- Health and Wellbeing programs
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
application security assessmentspenetration testingoffensive security engagementssecurity testingsource code reviewREST API testingsecure coding principlesnetworking fundamentalsSDLCCI/CD
Soft Skills
communication skillscollaboration skillsinterpersonal skillsattention to detailadaptabilitycuriosityprofessionalismability to manage multiple engagementsclear findings deliverypassion for continuous learning