Staff Penetration Tester

Cloudera

full-time

Posted on: 8/20/2025

Origin: • 🇺🇸 United States • Arizona

✨ AI Apply

Lead

AWSAzureCloudGoogle Cloud PlatformHDFSJavaScriptKubernetesOpen SourcePythonSDLC

About the role

Perform manual and automated pentesting of web apps and APIs.
Identify and exploit vulnerabilities, chaining findings for maximum impact.
Conduct targeted assessments on internal and external networks when needed.
Validate and document vulnerabilities with risk ratings and clear remediation guidance.
Collaborate with developers, engineers, and product teams to advise on remediation.
Contribute to secure SDLC initiatives and AppSec review processes.
Create scripts to speed up testing or hand off to engineering teams.
Stay current with new vulnerabilities, exploits, and offensive security tools.
Review SAST and DAST findings to enhance the testing activity.
Assist in the configuration and maintenance of SAST and DAST tools.

8-10 years of hands-on penetration testing experience, focusing on application security.
Experience with cloud platforms (AWS, Azure, GCP)
Experience with manual security source code review.
Strong knowledge of the OWASP Top 10 and common web/API vulnerabilities (e.g., Injection attacks, SSRF, auth bypass).
Experience with tools like Burp Suite, Nmap, sqlmap, and custom scripts.
Experience with Fortify, Semgrep, Burp Enterprise and CI/CD pipeline security.
Knowledge of network security testing (e.g., basic AD exposure, port scanning, misconfig checks, privilege escalation techniques).
Scripting ability in at least one language (Python, Bash, JavaScript, etc.).
Strong communication skills, especially when reporting findings and collaborating cross-functionally.
Certifications like OSCP, GWAPT, CEH, or eWPTX (Nice, but not required.)
Knowledge of containers and Kubernetes security