About the Role
We're looking for a Cloud Penetration Tester to perform security assessments against modern cloud environments, including AWS, Microsoft Azure, Google Cloud Platform, and related SaaS/IaaS/PaaS technologies. The ideal candidate combines a strong foundation in traditional penetration testing with hands-on experience identifying, exploiting, and communicating cloud-specific security risks.
What You'll Do
• Perform cloud-focused penetration tests against AWS, Azure, GCP, Microsoft 365, and cloud-connected environments
• Assess cloud identity and access management configurations, including IAM roles, service accounts, managed identities, Entra ID, federated identity, and OAuth applications
• Identify and exploit cloud misconfigurations, insecure permissions, exposed services, weak network controls, and insecure secrets management
• Conduct traditional penetration testing: external/internal network testing, web application and API testing, password attacks, phishing simulation support, and post-exploitation activities
• Evaluate cloud-native services including storage, serverless functions, containers, Kubernetes, CI/CD pipelines, and key management systems
• Perform attack path analysis to demonstrate realistic business impact — privilege escalation, lateral movement, data access, and persistence
• Write clear, accurate, and actionable reports with technical details, risk ratings, evidence, and remediation guidance
• Present findings to technical teams and executive stakeholders
• Stay current with emerging cloud attack techniques, offensive tooling, and cloud provider security features
Required Qualifications
• 3-5 years hands-on experience performing penetration tests, red team assessments, or offensive security testing
• Strong understanding of penetration testing methodologies: reconnaissance, enumeration, exploitation, privilege escalation, lateral movement, persistence, and reporting
• Practical experience with at least one major cloud provider: AWS, Azure, or GCP
• Understanding of cloud IAM concepts: users, groups, roles, policies, service principals, access keys, tokens, and privilege escalation paths
• Experience with web application and API security testing, including OWASP Top 10
• Familiarity with common offensive tools: Burp Suite, Nmap, Metasploit, Impacket, BloodHound, Responder, CrackMapExec/NetExec, and password auditing tools
• Experience with cloud CLIs and scripting: AWS CLI, Azure CLI, Google Cloud CLI, PowerShell, Python, or Bash
• Strong written and verbal communication skills
• Ability to work independently and manage assessment timelines
Preferred Qualifications
• Experience testing multiple cloud providers, especially AWS, Azure, GCP, and Microsoft 365
• Knowledge of Entra ID, Microsoft Graph, OAuth abuse, conditional access, enterprise applications, device code authentication, and consent grant attacks
• Experience with cloud privilege escalation, persistence, and post-exploitation techniques
• Experience with container, Kubernetes, and CI/CD security testing
• Familiarity with infrastructure as code: Terraform, CloudFormation, ARM/Bicep, or Kubernetes manifests
• Experience reviewing cloud security posture against CIS Benchmarks, MITRE ATT&CK, or NIST frameworks
• Experience developing custom tooling or automation in Python, PowerShell, Go, or Bash
• Relevant certifications: OSCP, OSEP, CRTO, GWAPT, AWS Security Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer, or equivalent practical experience
• Experience writing technical blog posts, presenting research, contributing to tools, or developing security training content
You'll Thrive Here If You
• Can independently assess a cloud environment and identify realistic attack paths
• Can explain not just that a permission is dangerous — but how it could be abused and what impact it creates
• Balance automated tooling with manual analysis
• Write reports that are technically accurate, easy to understand, and useful to defenders
• Think like an attacker but communicate like a trusted advisor
Pay: $120,000.00 - $150,000.00 per year
Benefits:
• 401(k)
• Dental insurance
• Employee assistance program
• Health insurance
• Paid time off
• Parental leave
• Retirement plan
• Vision insurance
Application Question(s):
• Are you willing to complete a background check?
• How many years experience do you have with penetration testing?
• How many years experience do you have with Cloud environment penetration testing?
• Describe an instance where a tool you were using failed during a penetration test. How did you handle the failure?
• Describe some similarities and differences in how you approach testing different cloud providers such as, AWS, Azure, and GCP for security issues.
Work Location: Remote