Posted Jul 12, 2026

Cloud Penetration Tester

Apply Now →
About the Role We're looking for a Cloud Penetration Tester to perform security assessments against modern cloud environments, including AWS, Microsoft Azure, Google Cloud Platform, and related SaaS/IaaS/PaaS technologies. The ideal candidate combines a strong foundation in traditional penetration testing with hands-on experience identifying, exploiting, and communicating cloud-specific security risks. What You'll Do • Perform cloud-focused penetration tests against AWS, Azure, GCP, Microsoft 365, and cloud-connected environments • Assess cloud identity and access management configurations, including IAM roles, service accounts, managed identities, Entra ID, federated identity, and OAuth applications • Identify and exploit cloud misconfigurations, insecure permissions, exposed services, weak network controls, and insecure secrets management • Conduct traditional penetration testing: external/internal network testing, web application and API testing, password attacks, phishing simulation support, and post-exploitation activities • Evaluate cloud-native services including storage, serverless functions, containers, Kubernetes, CI/CD pipelines, and key management systems • Perform attack path analysis to demonstrate realistic business impact — privilege escalation, lateral movement, data access, and persistence • Write clear, accurate, and actionable reports with technical details, risk ratings, evidence, and remediation guidance • Present findings to technical teams and executive stakeholders • Stay current with emerging cloud attack techniques, offensive tooling, and cloud provider security features Required Qualifications • 3-5 years hands-on experience performing penetration tests, red team assessments, or offensive security testing • Strong understanding of penetration testing methodologies: reconnaissance, enumeration, exploitation, privilege escalation, lateral movement, persistence, and reporting • Practical experience with at least one major cloud provider: AWS, Azure, or GCP • Understanding of cloud IAM concepts: users, groups, roles, policies, service principals, access keys, tokens, and privilege escalation paths • Experience with web application and API security testing, including OWASP Top 10 • Familiarity with common offensive tools: Burp Suite, Nmap, Metasploit, Impacket, BloodHound, Responder, CrackMapExec/NetExec, and password auditing tools • Experience with cloud CLIs and scripting: AWS CLI, Azure CLI, Google Cloud CLI, PowerShell, Python, or Bash • Strong written and verbal communication skills • Ability to work independently and manage assessment timelines Preferred Qualifications • Experience testing multiple cloud providers, especially AWS, Azure, GCP, and Microsoft 365 • Knowledge of Entra ID, Microsoft Graph, OAuth abuse, conditional access, enterprise applications, device code authentication, and consent grant attacks • Experience with cloud privilege escalation, persistence, and post-exploitation techniques • Experience with container, Kubernetes, and CI/CD security testing • Familiarity with infrastructure as code: Terraform, CloudFormation, ARM/Bicep, or Kubernetes manifests • Experience reviewing cloud security posture against CIS Benchmarks, MITRE ATT&CK, or NIST frameworks • Experience developing custom tooling or automation in Python, PowerShell, Go, or Bash • Relevant certifications: OSCP, OSEP, CRTO, GWAPT, AWS Security Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer, or equivalent practical experience • Experience writing technical blog posts, presenting research, contributing to tools, or developing security training content You'll Thrive Here If You • Can independently assess a cloud environment and identify realistic attack paths • Can explain not just that a permission is dangerous — but how it could be abused and what impact it creates • Balance automated tooling with manual analysis • Write reports that are technically accurate, easy to understand, and useful to defenders • Think like an attacker but communicate like a trusted advisor Pay: $120,000.00 - $150,000.00 per year Benefits: • 401(k) • Dental insurance • Employee assistance program • Health insurance • Paid time off • Parental leave • Retirement plan • Vision insurance Application Question(s): • Are you willing to complete a background check? • How many years experience do you have with penetration testing? • How many years experience do you have with Cloud environment penetration testing? • Describe an instance where a tool you were using failed during a penetration test. How did you handle the failure? • Describe some similarities and differences in how you approach testing different cloud providers such as, AWS, Azure, and GCP for security issues. Work Location: Remote