Bishop Fox is a leading provider of continuous offensive security and penetration testing services. We're seeking a Cloud Penetration Tester to join our team and help secure some of the world's most complex software and technologies.
Requirements
- 4+ years of experience in application security assessments, penetration testing, or offensive security engagements
- Strong understanding of application security fundamentals, modern attack techniques, and common vulnerabilities affecting web applications, APIs, mobile applications, and cloud-native environments
- Hands-on experience testing REST APIs, including authentication/authorization flaws, IDORs, injection vulnerabilities, session management issues, and business logic flaws
- Strong proficiency with AWS services and cloud security concepts, including IAM, STS, S3, Lambda, API Gateway, CloudTrail, CloudWatch, and secure communication patterns such as SigV4
- Solid understanding of networking and web fundamentals, including HTTP/HTTPS, TCP/IP, DNS, API communication flows, cookies, headers, and related concepts
- Experience reviewing source code for security issues in Java, C#, and Python applications
- Knowledge of secure coding principles and common risks such as SSRF, insecure deserialization, injection vulnerabilities, sensitive data exposure, and insecure cloud integrations
- Understanding of SDLC, CI/CD pipelines, and secure development practices
- Experience using security assessment and code review tools such as Burp Suite, Semgrep, Git, AWS CLI, and API testing/debugging tools
- Comfortable working across Linux, Windows, and macOS environments
- Experience or strong interest in AI/LLM security, including prompt injection, RAG risks, insecure integrations, excessive permissions, and the OWASP Top 10 for LLM Applications
- Strong written and verbal communication skills, with the ability to deliver clear, actionable findings and communicate technical risks to both technical and executive stakeholders
- Experience following structured testing methodologies, documentation standards, and validation/retesting workflows
- Strong collaboration and interpersonal skills when working with security, engineering, and client teams
- Ability to manage multiple concurrent engagements while maintaining high-quality deliverables and attention to detail
- Curious, adaptable, and professional mindset with a passion for continuous learning and emerging security trends
Benefits
- Generous Time Off and Company-Wide Holidays
- Team Events and International Travel Opportunities
- Work From Home Support
- Training Budget
- Saving Fund
- Food Coupons
- Health and Wellbeing programs