Job Description: Penetration Tester

Employment Type: Full-time

Position Overview

CrowdStrike, a global leader in cybersecurity, is seeking a skilled Penetration Tester to join our team. This role is responsible for conducting developmental and operational penetration testing for our product and online properties. We are looking for an individual with expertise in manual and automated web application penetration testing, possessing the knowledge to breach security defenses. The ideal candidate will have at least two years of experience performing penetration tests using a mix of commercial, open-source, and custom tools. A strong understanding of network protocols, server, and web application weaknesses is essential. The successful candidate will also demonstrate excellent communication skills and provide a high level of security expertise within a complex distributed environment.

Responsibilities

• Perform comprehensive penetration testing assessments across the organization.
• Manage the entire lifecycle of penetration testing findings, including discovery, triage, advising, remediation, and validation.
• Collaborate with various business units to conduct penetration testing assessments on systems or applications prior to go-live rollouts.
• Examine systems and applications to evaluate their current security posture.
• Manage penetration testing related tickets to ensure timely remediation of issues.
• Advocate for security best practices throughout the organization.

Requirements

• Advanced knowledge of server and client operating systems.
• Extensive computer skills with a strong understanding of networking, cryptography, web applications, databases, and wireless technologies.
• Ability to prioritize impactful findings and drive them to remediation.
• Experience working with Mac, Windows, Linux, and/or other Unix-like variants.
• Extensive understanding of TCP, UDP, HTTP, IP, and other network protocols.
• Detailed understanding of vulnerability triage using CVSS calculators and the ability to validate security-related findings.
• Ability to work independently.
• Proactive and driven attitude to solve challenging problems.
• Keeps abreast of current vulnerabilities and vulnerability-related news across various industries.
• Ability to automate and script tasks using preferred languages (e.g., GoLang, Python, Ruby, Perl, BASH).
• Ability to work remotely with teammates across the organization and maintain healthy working relationships.
• Clear thinking capabilities.

Bonus Points

• Familiarity with the OWASP Top 10 list.
• Experience working with cloud technologies (AWS, GCP, Azure, Kubernetes, or Docker).
• Experience with infrastructure as code tools (e.g., Terraform, Ansible).
• Experience with container technologies.
• Familiarity with common threat actor tools, techniques, and procedures (TTPs), attack kill chains, and security control evasion.
• Experience executing effective email phishing campaigns, including custom domains, website hosting, payload delivery, and credential harvesting.
• Ability to utilize and write scripts against common web APIs (REST, SOAP).
• Knowledge of cloud platforms and highly concurrent systems.
• Knowledge of build pipelines and CI tools.

About CrowdStrike

As a global leader in cybersecurity, CrowdStrike protects the people, processes, and technologies that drive modern organizations. Since 2011, our mission has remained constant: to stop breaches. We have redefined modern security with the world's most advanced AI-native platform. Our customers span all industries, and they rely on CrowdStrike to keep their businesses running, their communities safe, and their lives moving forward. We are a mission-driven company that cultivates a culture offering every CrowdStriker the flexibility and autonomy to own their careers. We are always looking to add talented individuals who possess limitless passion, a relentless focus on innovation, and a fanatical commitment to our customers, our community, and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.