Full-Time
Senior Penetration Tester
Service Delivery
Posted on 9/26/2024
Sprocket Security
11-50 employees
Offensive security with continuous risk monitoring
No salary listed
No H1B Sponsorship
Remote in USA
Remote
Preferred proximity to Madison, WI; United States resident.
 IT & Security (1) |
|---|
- Seven or more years of hands-on penetration testing experience.
- Five or more years of hands-on Web App penetration testing experience.
- Two or more years of hands-on Network penetration testing experience.
- Adversary Simulation experience.
- Detailed knowledge of identifying and exploiting vulnerabilities in Windows, Linux, and cloud-based systems.
- Programming experience in Ruby, Python, Bash. Bonus (C#, JavaScript, terraform, ansible).
- Clear and concise verbal and written skills.
- United States resident
- Perform web application testing methodologies at scale.
- Perform network and wireless testing methodologies at scale.
- Discover newly exploitable systems across our fleet of clients. It's fun to test that new vulnerability the day it's released!
- Build payloads and C2 infrastructure that evades defenses.
- Mimic tactics and techniques used by real-world adversaries.
- Show impact with post-exploitation activities.
- Manage our platform by conducting tasks, write findings, and work with clients to help detect and prevent.
- Develop tools and contribute to our automated infrastructure. You'll commonly program in the following languages: Ruby, Python, PowerShell, C# Bash, etc.
- Advanced usage of the following tools: Burp Suite Pro, Nessus, Metasploit, CobaltStrike, etc.
- Manage project lifecycles and present professionally to clients. Kickoff calls, debriefs, etc.
- Work closely with development teams to migrate human-driven tasks into automation.
- Work with AWS, Azure, terraform, ansible, and gitlab pipelines.
- OSCP or equivalent skills-based certification mandatory, or will need to obtain within 12 months of employment.
- Has industry involvement by contributes research, open-source projects, or public speaking
- Experience managing or working with management on security projects and teams. Bonus if CISSP certified.
- Remote work acceptable.
- Preferred proximity to Madison, WI
Sprocket Security delivers continuous penetration testing for enterprises, combining ongoing offensive security assessments with real-time risk monitoring and remediation. It uses a hybrid model that blends human security experts with automated systems to run adversary simulations and attack surface management on an ongoing basis, all billed via a subscription. The product works by continuously testing an organization’s defenses, monitoring for new risks in real time, and providing guided remediation to reduce exposure, rather than performing one-off tests. This approach sets the company apart from competitors by offering year-round, persistent testing and monitoring instead of periodic checks, ensuring vulnerabilities are addressed proactively. The goal is to help enterprises maintain a strong, resilient cybersecurity posture by continuously identifying and mitigating threats before they can be exploited.
Company Size
11-50
Company Stage
Series A
Total Funding
$8M
Headquarters
Madison, Wisconsin
Founded
2017
Simplify's Take
What believers are saying
- 75% of enterprises shifting to continuous threat exposure management by 2026 aligns perfectly.
- 40% rise in sophisticated adversary simulations in hybrid cloud environments drives demand.
- 60% of CISOs prioritizing attack surface management with real-time remediation in 2026 budgets.
What critics are saying
- Cobalt.io and larger competitors erode market share with similar offerings and established clients.
- AI-powered automation from startups like Pentera threatens to obsolete human-driven testing model.
- Bluesight and Hacken undercut pricing with aggressive managed services, squeezing subscription margins.
What makes Sprocket Security unique
- Hybrid model combines human penetration testers with automation for continuous year-round testing.
- Expert-driven platform includes adversary simulations and social engineering across voice, SMS, chat channels.
- Real-time change detection triggers immediate security testing upon asset or network modifications.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Unlimited Paid Time Off
401(k) Company Match
401(k) Retirement Plan
Health Insurance
Dental Insurance
Vision Insurance
Flexible Work Hours
Professional Development Budget
Conference Attendance Budget
Growth & Insights and Company News
6 month growth
↓ -6%1 year growth
↓ -2%2 year growth
↑ 29%Sprocket Security appoints Eric Sheridan as Chief Technology Officer. Veteran cybersecurity leader brings decades of experience and patented innovation to advance the next generation of proactive security solutions. Sprocket Security today announced the appointment of Eric Sheridan as Chief Technology Officer (CTO). In this role, Sheridan will lead the company's technology vision and execution, accelerating innovation and advancing Sprocket Security's mission to deliver proactive cybersecurity solutions that help organizations stay ahead of evolving threats. Sheridan brings decades of experience in cybersecurity and software engineering, with a career dedicated to building forward-looking security platforms designed to anticipate and prevent attacks before they occur. He holds numerous patents, reflecting a long-standing record of technical innovation and a proven ability to translate advanced research into practical, high-impact security solutions. "Eric's leadership and technical depth are exactly what we need as we continue to scale and innovate," said Casey Cammilleri, CEO at Sprocket Security. "His experience building proactive security technologies and his ability to consistently deliver industry-defining solutions will be instrumental as we push beyond today's standards and outpace the cybersecurity industry." As CTO, Sheridan will oversee Sprocket Security's engineering and product strategy, guiding the development of next-generation proactive cybersecurity capabilities. His focus will include advancing the company's core platform, fostering innovation across teams, and ensuring Sprocket Security remains at the forefront of emerging security challenges. "I'm excited to join Sprocket Security at such a pivotal time," said Sheridan. "The opportunity to build the next wave of proactive cybersecurity solutions that fundamentally change how organizations defend themselves - is incredibly compelling. I look forward to helping the team continue to innovate and lead the industry forward." With Sheridan's appointment as CTO, Sprocket Security signals its continued focus on developing security technology aimed at addressing evolving cybersecurity threats. About Sprocket Security Sprocket Security provides an expert-driven offensive security platform that proactively identifies, verifies, and simulates threats, ensuring its clients' digital environments remain secure. Unlike legacy penetration testing, Sprocket's continuous approach delivers real-time insights and adaptive security measures, giving businesses the confidence to move quickly while reliably preventing potential threats.
Sprocket Security launches 'Ahead of the Breach' podcast.
Blueprint Equity's Vice President John Bonhard, will join Sprocket's Board of Directors.
Sprocket Security, the pioneer in continuous penetration testing, secures $8 million Series A financing Led by Blueprint Equity.
Sprocket Security raises $8M to enhance cybersecurity penetration testing platform - SiliconANGLE