
Senior Security Engineer, Pen Tester
Menlo Security Inc.
full-time
Location Type: Remote
Location: Canada
Salary
💰 CA$120,000 - CA$210,000 per year
About the role
- Collaborative Penetration Testing (AWS & GCP): Work in tandem with a peer pentester to conduct deep-dive penetration tests of our products across our multi-cloud environment.
- Control Plane: Review IAM policies, service configurations, and cloud-native permission structures.
- Data Plane & Web UI: Execute dynamic testing against web interfaces and API endpoints.
- Infrastructure Review: Assess the security posture of a hybrid infrastructure that mixes containers and Virtual Machines (VMs).
- Vulnerability Reporting & Advisory: Triage findings and create clear, reproducible proofs-of-concept (PoCs).
- AI-Augmented Security Assessments: Actively utilize AI and Large Language Models (LLMs) to automate reconnaissance, generate attack vectors, analyze configurations, and draft vulnerability reports.
- Pipeline Management: Monitor bug bounty pipelines and external reports, validating findings and managing researcher communication.
Requirements
- Multi-Cloud Fluency: Demonstrate a deep architectural understanding of GCP and AWS.
- Container Security: Proven experience auditing and hardening managed container services (GKE Autopilot/Standard, EKS, ECS) and self-hosted/unmanaged workloads (K8s, k3s, OCI-runc).
- AI Tooling: Demonstrated ability to integrate AI/LLM tools (e.g., Gemini, Claude) into the pentesting lifecycle to increase speed and coverage.
- Web Application Security: Expert-level knowledge of web application security principles and offensive testing methodologies, with deep proficiency in OWASP Top 10 vulnerabilities, modern web framework exploitation, and API security (REST, WebSockets). Extensive hands-on experience conducting manual security assessments using Burp Suite Professional, OWASP ZAP, or similar tooling.
- Security Automation: Proficiency in Python, Go, or Bash to eliminate "toil."
- Infrastructure as Code: Solid grasp of Terraform and cloud-native deployment patterns.
Benefits
- All employees may be eligible to become Menlo Security shareholders through eligibility for stock-based compensation grants, which are awarded to employees based on company and individual performance.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
penetration testing, cloud security, vulnerability reporting, AI integration, web application security, security automation, infrastructure as code, container security, dynamic testing, API security
Soft Skills
collaboration, communication, triaging findings, report writing, problem-solving