Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Sprocket Security

Offensive Security Analyst

Sprocket Security

Offensive Security Analyst verifying and calibrating findings to improve automation at Sprocket Security. Working with R&D to cut false positives and enhance client deliverables.

Posted 7/13/2026full-timeRemote • 🇺🇸 United StatesMid-LevelSeniorWebsite

Core Competencies

Role fit
Core Competencies

Use this summary to align your resume positioning with the role.

Demonstrates expertise in triaging and validating vulnerabilities using security tools, with a strong foundation in Development, IT, or Infosec. Proficient in Python programming and clear written communication, capable of managing high-volume tasks independently.

Highest-signal resume keywords
Vulnerability TriagePython ProgrammingGenerative AI UtilizationSecurity+ CertificationOWASP Top 10 Validation

ATS Keywords

Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills
Vulnerability TriagePython ProgrammingSecurity Tool ExperienceVulnerability ValidationAutomation ScriptingDetail-Oriented CommunicationSelf-DirectionSecurity DepthClient-Ready ReportingPattern Recognition
Soft Skills
Clear CommunicationSelf-DirectedDetail-OrientedCollaborativeProblem-Solving
Tools & Technologies
SASTDASTSCAIASTGenerative AI ToolsAutomation PlatformsVulnerability ScannersR&D Collaboration ToolsKnowledge Base SystemsClient Experience Platforms
Certifications & Qualifications
Security+EJPTCPTSPNPTOSCP (Pursued)
Industry Keywords
InfosecCybersecurityVulnerability ClassesOWASP Top 10CTF AchievementsAutomation Feedback LoopAdversarial EngineeringClient-Ready QualityHigh-Volume Queue ManagementReproducibility

Tech Stack

Tools & technologies
Python

About the role

Key responsibilities & impact
  • Triage, validate, and QA findings surfaced by Sprocket's automation. Reproduce, confirm true positives, and eliminate false positives before anything reaches a client.
  • Author and refine findings to client-ready quality in the Sprocket voice, and publish them through the platform.
  • Calibrate severity to real business impact against Sprocket's standards, judging real-world impact over theoretical.
  • Handle roughly 90% of findings independently and make accurate handle-versus-escalate decisions using the platform workflow, escalating the hard 10% to an Adversarial Engineer with full context attached.
  • Feed pattern-level signal back to R&D and the Adversarial Engineering team to tune attack automations and cut false positives at the source. You'll be one of the tightest feedback loops we have into R&D.
  • Log validation notes, flag false-positive patterns, and contribute to the knowledge base.
  • Script away repetitive validation steps wherever they appear.
  • Partner with your fellow R&D team members and the Service Delivery team on the automation feedback loop and client-experience improvements.
  • Seek to programmatically enhance automation pipeline with new or updated capabilities when triage is complete and capacity allows, pairing with an Adversarial Engineer as needed.
  • Attend daily standups, weekly 1:1s, monthly company calls, and all-hands.

Requirements

What you’ll need
  • Demonstrated experience triaging or reproducing vulnerabilities surfaced by a security tool (vulnerability scanner, SAST/DAST/SCA/IAST, or similar automation) in a professional setting.
  • Some software programming experience, Python preferred.
  • Some exposure to utilizing Generative AI tools for day-to-day tasks, Claude preferred.
  • A strong Development, IT, or Infosec foundation, paired with genuine, self-directed security study.
  • Enough security depth to validate common vulnerability classes hands-on, including OWASP Top 10, network, and auth issues, not just name them.
  • Clear, detail-oriented written communication that holds up under volume.
  • The self-direction to manage a high-volume queue independently, without hourly guidance.
  • Security+, eJPT, CPTS, PNPT, or a similar foundational credential (preferred).
  • CTF achievements (HackTheBox, TryHackMe, PortSwigger Academy) (preferred).
  • A degree in computer science, engineering, or IT (preferred).
  • Genuine interest in working toward OSCP or an equivalent hands-on certification over time (preferred).

Benefits

Comp & perks
  • Unlimited and mandatory PTO for healthy work/life balance.
  • Company matched 401k (immediate eligibility, no one should have to wait to start saving).
  • 75% company contribution for health insurance for employees and 50% for dependents.
  • 100% company contribution for dental and vision.
  • Flexible working hours.
  • Hardware and tools of your choice
  • Support for your career development with paid training, conferences, certifications, etc.