Senior Penetration Tester

Somos

Job Location:

Littleton, CO - USA

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Company Summary

Somos is an innovative technology company that ensures that phone calls and text messages can be trusted. Consumers don't want spammers and fraudsters to reach them through their devices, and businesses don't want their legitimate phone calls ignored. The solution? Developing stronger trusted digital identities. And that's where you come in!

We are seeking a highly skilled Senior Penetration Tester to lead offensive security operations and strengthen our overall security posture. This role will drive red team exercises, manage vulnerabilities across the enterprise, oversee patch management initiatives, and own all aspects of application security testing, including SAST, DAST, and SCA. The ideal candidate will have a strong blend of technical expertise, communication skills, and the ability to collaborate across teams while providing clear guidance to both technical and non-technical stakeholders.

Core Job Responsibilities & Accountabilities:

Offensive Security & Penetration Testing

  • Lead and execute red team engagements emulating advanced threat actors to assess detection and response capabilities.
  • Perform internal and external penetration testing across networks, applications, APIs, cloud environments, and physical security (as required).
  • Develop and manage penetration testing methodologies, tooling, and reporting standards.
  • Provide actionable remediation recommendations to engineering, DevOps, and IT teams.

Vulnerability Management & Patch Governance

  • Oversee the end-to-end vulnerability management program, including identification, prioritization, tracking, and remediation validation.
  • Partner with IT and application owners to drive timely patch management, ensuring critical vulnerabilities are addressed within SLA.
  • Continuously refine vulnerability scoring and risk-based prioritization models.

Application Security (AppSec)

  • Own and maintain the organization's SAST, DAST, and SCA tooling and processes.
  • Collaborate with development teams to integrate security testing into CI/CD pipelines.
  • Review application architecture, code, and configurations to identify security gaps.
  • Provide secure coding guidance and lead developer training sessions.

Audit & Compliance Support

  • Assist in internal and external audits, including SOC 2, ISO 27001, PCI, FISMA, or other relevant frameworks.
  • Provide evidence, documentation, and subject-matter expertise during audit activities.
  • Support remediation of audit findings and control improvements.

Essential Qualifications & Skills (Required):

  • 8 years of related experience, including 5 years of experience in penetration testing, red teaming, or offensive security roles, or an equivalent combination of education and experience.
  • Strong knowledge of network, web application, and cloud security concepts.
  • Security certifications such as CISSP, CISA, OSCP, or CEH.
  • Hands-on experience with penetration testing and red team toolsets (e.g., Burp Suite, Cobalt Strike, Metasploit, Nessus, Kali Linux, BloodHound, etc.).
  • Experience running and managing SAST, DAST, and SCA tooling (e.g., Veracode, Qualys, GitHub Advanced Security, WIZ, SonarQube).
  • Strong understanding of vulnerability scoring systems (CVSS), exploitability, and risk management.
  • Familiarity with common security standards (OWASP Top 10, NIST CSF, MITRE ATT&CK).
  • Ability to clearly communicate technical issues and risk to executives and technical teams.

Preferred Skills:

  • Experience with cloud platforms (AWS, Azure, GCP).
  • Background supporting compliance frameworks (SOC 2, ISO 27001, PCI, etc.).
  • Hands-on experience in secure SDLC and CI/CD toolchains.
  • Proactive, detail-oriented, and self-driven.
  • Strong analytical and problem-solving skills.
  • Ability to work cross-functionally with Engineering, IT, Compliance, and Leadership.
  • Passionate about offensive security, emerging threats, and continuous improvement.

Salary and Benefits:

  • Salary Range: $131,000 - $145,000
  • 100% Company Paid Medical, Dental, and Vision insurance for you and your family!
  • 401(k) Savings Plan with Employer Contribution
  • 100% Company Paid Short- and Long-Term Disability
  • 100% Company Paid Life Insurance
  • Flexible Time Off program
  • A Variety of Voluntary Benefits

This job description is not designed to cover or contain a comprehensive list of activities, duties, or responsibilities that are required of this position. Aspects of this job description may change at any time, with or without notice.

This job description is not intended as, and does not create, an employment contract. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.


Required Experience:

Senior IC

Key Skills

  • Test Cases
  • Performance Testing
  • Quality Assurance
  • Functional Testing
  • Agile
  • LoadRunner
  • User Acceptance Testing
  • Jira
  • Software Testing
  • Test Automation
  • HP ALM
  • Selenium

About Company

We’re in the business of protecting consumers and building trust in communications. From voice to messaging to fraud prevention and beyond, we are committed to developing innovative solutions ensuring that our ability to maintain trustworthy connections never stops.
