FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Offensive Security Analyst
Sprocket SecurityOffensive Security Analyst verifying and calibrating findings to improve automation at Sprocket Security. Working with R&D to cut false positives and enhance client deliverables.
Core Competencies
Role fitCore Competencies
Use this summary to align your resume positioning with the role.
Demonstrates expertise in triaging and validating vulnerabilities using security tools, with a strong foundation in Development, IT, or Infosec. Proficient in Python programming and clear written communication, capable of managing high-volume tasks independently.
Highest-signal resume keywords
Vulnerability TriagePython ProgrammingGenerative AI UtilizationSecurity+ CertificationOWASP Top 10 Validation
ATS Keywords
Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills
Vulnerability TriagePython ProgrammingSecurity Tool ExperienceVulnerability ValidationAutomation ScriptingDetail-Oriented CommunicationSelf-DirectionSecurity DepthClient-Ready ReportingPattern Recognition
Soft Skills
Clear CommunicationSelf-DirectedDetail-OrientedCollaborativeProblem-Solving
Tools & Technologies
SASTDASTSCAIASTGenerative AI ToolsAutomation PlatformsVulnerability ScannersR&D Collaboration ToolsKnowledge Base SystemsClient Experience Platforms
Certifications & Qualifications
Security+EJPTCPTSPNPTOSCP (Pursued)
Industry Keywords
InfosecCybersecurityVulnerability ClassesOWASP Top 10CTF AchievementsAutomation Feedback LoopAdversarial EngineeringClient-Ready QualityHigh-Volume Queue ManagementReproducibility
Tech Stack
Tools & technologiesPython
About the role
Key responsibilities & impact- Triage, validate, and QA findings surfaced by Sprocket's automation. Reproduce, confirm true positives, and eliminate false positives before anything reaches a client.
- Author and refine findings to client-ready quality in the Sprocket voice, and publish them through the platform.
- Calibrate severity to real business impact against Sprocket's standards, judging real-world impact over theoretical.
- Handle roughly 90% of findings independently and make accurate handle-versus-escalate decisions using the platform workflow, escalating the hard 10% to an Adversarial Engineer with full context attached.
- Feed pattern-level signal back to R&D and the Adversarial Engineering team to tune attack automations and cut false positives at the source. You'll be one of the tightest feedback loops we have into R&D.
- Log validation notes, flag false-positive patterns, and contribute to the knowledge base.
- Script away repetitive validation steps wherever they appear.
- Partner with your fellow R&D team members and the Service Delivery team on the automation feedback loop and client-experience improvements.
- Seek to programmatically enhance automation pipeline with new or updated capabilities when triage is complete and capacity allows, pairing with an Adversarial Engineer as needed.
- Attend daily standups, weekly 1:1s, monthly company calls, and all-hands.
Requirements
What you’ll need- Demonstrated experience triaging or reproducing vulnerabilities surfaced by a security tool (vulnerability scanner, SAST/DAST/SCA/IAST, or similar automation) in a professional setting.
- Some software programming experience, Python preferred.
- Some exposure to utilizing Generative AI tools for day-to-day tasks, Claude preferred.
- A strong Development, IT, or Infosec foundation, paired with genuine, self-directed security study.
- Enough security depth to validate common vulnerability classes hands-on, including OWASP Top 10, network, and auth issues, not just name them.
- Clear, detail-oriented written communication that holds up under volume.
- The self-direction to manage a high-volume queue independently, without hourly guidance.
- Security+, eJPT, CPTS, PNPT, or a similar foundational credential (preferred).
- CTF achievements (HackTheBox, TryHackMe, PortSwigger Academy) (preferred).
- A degree in computer science, engineering, or IT (preferred).
- Genuine interest in working toward OSCP or an equivalent hands-on certification over time (preferred).
Benefits
Comp & perks- Unlimited and mandatory PTO for healthy work/life balance.
- Company matched 401k (immediate eligibility, no one should have to wait to start saving).
- 75% company contribution for health insurance for employees and 50% for dependents.
- 100% company contribution for dental and vision.
- Flexible working hours.
- Hardware and tools of your choice
- Support for your career development with paid training, conferences, certifications, etc.