Offensive Security Analyst

Sprocket Security·Remote, Oregon·Posted 21h ago·via Talent.com

RegionRemote
Apply Now

Job description

Job Description: - Triage, validate, and QA findings surfaced by Sprocket's automation. Reproduce, confirm true positives, and eliminate false positives before anything reaches a client.

  • Author and refine findings to client-ready quality in the Sprocket voice, and publish them through the platform.
  • Calibrate severity to real business impact against Sprocket's standards, judging real-world impact over theoretical.
  • Handle roughly 90% of findings independently and make accurate handle-versus-escalate decisions using the platform workflow, escalating the hard 10% to an Adversarial Engineer with full context attached.
  • Feed pattern-level signal back to R&D and the Adversarial Engineering team to tune attack automations and cut false positives at the source. You'll be one of the tightest feedback loops we have into R&D.
  • Log validation notes, flag false-positive patterns, and contribute to the knowledge base.
  • Script away repetitive validation steps wherever they appear.
  • Partner with your fellow R&D team members and the Service Delivery team on the automation feedback loop and client-experience improvements.
  • Seek to programmatically enhance automation pipeline with new or updated capabilities when triage is complete and capacity allows, pairing with an Adversarial Engineer as needed.
  • Attend daily standups, weekly 1:1s, monthly company calls, and all-hands.

Requirements: - Demonstrated experience triaging or reproducing vulnerabilities surfaced by a security tool (vulnerability scanner, SAST/DAST/SCA/IAST, or similar automation) in a professional setting.

  • Some software programming experience, Python preferred.
  • Some exposure to utilizing Generative AI tools for day-to-day tasks, Claude preferred.
  • A strong Development, IT, or Infosec foundation, paired with genuine, self-directed security study.
  • Enough security depth to validate common vulnerability classes hands-on, including OWASP Top 10, network, and auth issues, not just name them.
  • Clear, detail-oriented written communication that holds up under volume.
  • The self-direction to manage a high-volume queue independently, without hourly guidance.
  • Security+, eJPT, CPTS, PNPT, or a similar foundational credential (preferred).
  • CTF achievements (HackTheBox, TryHackMe, PortSwigger Academy) (preferred).
  • A degree in computer science, engineering, or IT (preferred).
  • Genuine interest in working toward OSCP or an equivalent hands-on certification over time (preferred).

Benefits: - Unlimited and mandatory PTO for healthy work/life balance.

  • Company matched 401k (immediate eligibility, no one should have to wait to start saving).
  • 75% company contribution for health insurance for employees and 50% for dependents.
  • 100% company contribution for dental and vision.
  • Flexible working hours.
  • Hardware and tools of your choice
  • Support for your career development with paid training, conferences, certifications, etc.

first seen 2026-07-13 20:48:01 · last verified 2026-07-14 16:48:01


pentestcareers.com // breach the job market