Somos, Inc.

Senior Penetration Tester

full-time

Location Type: Remote

Location: Colorado, Massachusetts, United States

Salary

💰 $131,000 - $145,000 per year

About the role

  • Lead and execute red team engagements, emulating advanced threat actors to assess detection and response capabilities.
  • Perform internal and external penetration testing across networks, applications, APIs, cloud environments, and physical security (as required).
  • Develop and manage penetration testing methodologies, tooling, and reporting standards.
  • Provide actionable remediation recommendations to engineering, DevOps, and IT teams.
  • Oversee the end-to-end vulnerability management program, including identification, prioritization, tracking, and remediation validation.
  • Partner with IT and application owners to drive timely patch management, ensuring critical vulnerabilities are addressed within SLA.
  • Own and maintain the organization’s SAST, DAST, and SCA tooling and processes.
  • Collaborate with development teams to integrate security testing into CI/CD pipelines.
  • Review application architecture, code, and configurations to identify security gaps.
  • Assist in internal and external audits, including SOC 2, ISO 27001, PCI, FISMA or other relevant frameworks.

Requirements

  • 8 years related experience, including 5+ years of experience in penetration testing, red teaming, or offensive security roles, or an equivalent combination of education and experience.
  • Strong knowledge of network, web application, and cloud security concepts.
  • Security certifications such as CISSP, CISA, OSCP, or CEH.
  • Hands-on experience with penetration testing and red team toolsets (e.g., Burp Suite, Cobalt Strike, Metasploit, Nessus, Kali Linux, BloodHound, etc.).
  • Experience running and managing SAST, DAST, and SCA tooling (e.g., Veracode, Qualys, GitHub Advanced Security, WIZ, SonarQube).
  • Strong understanding of vulnerability scoring systems (CVSS), exploitability, and risk management.
  • Familiarity with common security standards (OWASP Top 10, NIST CSF, MITRE ATT&CK).
  • Ability to clearly communicate technical issues and risk to executives and technical team