Remote Penetration Tester jobs Jobs in Eagle Pass, Texas | Remote Work From Home
Job Title & Location
Remote Penetration Tester (Remote)
– flexible hours aligned with our core schedule in
Eagle Pass, Texas
Our product line just hit the market‑ready milestone, and the surge of external integrations has opened a new attack surface that we need to lock down, fast. That’s why we’re expanding the red‑team now – to make sure the security we promise to customers in
Eagle Pass, Texas
and beyond actually works. --- ## The Reality of This Role When you join our security squad, you’ll be stepping into a team that grew from five engineers to fifteen in the last twelve months, and we’re still adding more talent to keep up with the 30 % month‑over‑month increase in inbound audit requests. Our recent Series B round gave us the runway to launch three SaaS modules in the next quarter, each exposing new APIs that need to be vetted before any public release. You’ll be reporting to Maya, our Lead Application Security Engineer, who spends her mornings in
Eagle Pass, Texas
reviewing threat models and her afternoons on calls with the product managers in
Eagle Pass, Texas
. Your day‑to‑day will be a blend of hands‑on testing, writing clear remediation notes, and pushing back on design decisions that could become security liabilities. Collaboration is async but far from isolated. We run a weekly “War Room” on Thursday mornings, where the whole penetration team – five senior testers, two junior analysts, and a rotating security‑ops liaison – breaks down the latest findings from the past sprint. We also have a “bug‑bounty triage” channel that streams directly into our JIRA board, so the feedback loop from external researchers reaches us within 48 hours. The biggest challenge? Balancing depth and speed. Our product releases happen on a two‑week cadence, meaning you’ll often have a 72‑hour window to complete a full‑stack engagement from reconnaissance to final report. It’s intense, but the sense of seeing a vulnerability patched before a customer ever sees it is why we love the work. --- ## What You’ll Actually Do -
Own
end‑to‑end penetration engagements for our web, mobile, and cloud services, delivering a full report within the SLA of 72 hours for each sprint. -
Execute
reconnaissance with Nmap, Masscan, and Amass, then map the attack surface in real‑time using Burp Suite and OWASP ZAP. -
Develop
custom exploit scripts in Python or PowerShell to validate findings, and integrate them into our CI pipeline via GitLab CI. -
Run
credential‑dumping and lateral‑movement simulations on our AWS and Azure environments using BloodHound, Cobalt Strike, and Metasploit, measuring time‑to‑pivot and reporting the median of 4 hours across recent engagements. -
Automate
routine scans with Nessus and OpenVAS, scheduling them nightly and tracking coverage metrics; we aim for 95 % of our assets scanned at least once per week. -
Collaborate
with the DevSecOps crew in
Eagle Pass, Texas
to embed security controls directly into Docker images and Helm charts, reducing remediation time by 30 % over the last quarter. -
Mentor
two junior penetration analysts, reviewing their findings, guiding their tool selection, and co‑authoring a “Pentest Playbook” that now lives in our internal Confluence space. -
Present
findings to product owners and executives in
Eagle Pass, Texas
during sprint review meetings, translating complex technical detail into business‑impact narratives that drive immediate action. -
Track
key performance indicators: average time‑to‑report (target 85 % within the sprint), and false‑positive rate (target < 5 %). -
Participate
in the monthly bug‑bounty triage, reviewing external submissions, reproducing them in a sandbox, and assigning severity levels using CVSS v3.1. -
Contribute
to our open‑source security tooling, pushing patches to a public repository on GitHub that currently has 1.2k stars and is referenced in three industry‑wide talks we gave in
Eagle Pass, Texas
last year. -
Stay current
with the latest threat intel feeds—AlienVault OTX, MITRE ATT&CK, and emerging CVEs—feeding relevant findings back into our threat‑modeling sessions every week. --- ## Skills That Truly Matter
Must‑have
- 3+ years of hands‑on penetration testing experience (red‑team or consultancy) with a track record of full‑cycle engagements. - Proficiency with Metasploit, Burp Suite, Nmap, Wireshark, and Kali Linux. - Strong scripting skills in Python, Bash, or PowerShell for proof‑of‑concept development. - Familiarity with cloud security testing on AWS and Azure, including IAM, S3 bucket misconfigurations, and container security. - Ability to write clear, concise reports that include CVSS scores, risk ratings, and remediation steps.
Nice‑to‑have
- Certifications such as OSCP, OSCE, or GPEN (not a deal‑breaker, but will open doors). - Experience with Cobalt Strike or BloodHound for post‑exploit activities. - K