Offensive Security Analyst
RegionRemote
Job description
Job Description: - Triage, validate, and QA findings surfaced by Sprocket's automation. Reproduce, confirm true positives, and eliminate false positives before anything reaches a client.
- Author and refine findings to client-ready quality in the Sprocket voice, and publish them through the platform.
- Calibrate severity to real business impact against Sprocket's standards, judging real-world impact over theoretical.
- Handle roughly 90% of findings independently and make accurate handle-versus-escalate decisions using the platform workflow, escalating the hard 10% to an Adversarial Engineer with full context attached.
- Feed pattern-level signal back to R&D and the Adversarial Engineering team to tune attack automations and cut false positives at the source. You'll be one of the tightest feedback loops we have into R&D.
- Log validation notes, flag false-positive patterns, and contribute to the knowledge base.
- Script away repetitive validation steps wherever they appear.
- Partner with your fellow R&D team members and the Service Delivery team on the automation feedback loop and client-experience improvements.
- Seek to programmatically enhance automation pipeline with new or updated capabilities when triage is complete and capacity allows, pairing with an Adversarial Engineer as needed.
- Attend daily standups, weekly 1:1s, monthly company calls, and all-hands.
Requirements: - Demonstrated experience triaging or reproducing vulnerabilities surfaced by a security tool (vulnerability scanner, SAST/DAST/SCA/IAST, or similar automation) in a professional setting.
- Some software programming experience, Python preferred.
- Some exposure to utilizing Generative AI tools for day-to-day tasks, Claude preferred.
- A strong Development, IT, or Infosec foundation, paired with genuine, self-directed security study.
- Enough security depth to validate common vulnerability classes hands-on, including OWASP Top 10, network, and auth issues, not just name them.
- Clear, detail-oriented written communication that holds up under volume.
- The self-direction to manage a high-volume queue independently, without hourly guidance.
- Security+, eJPT, CPTS, PNPT, or a similar foundational credential (preferred).
- CTF achievements (HackTheBox, TryHackMe, PortSwigger Academy) (preferred).
- A degree in computer science, engineering, or IT (preferred).
- Genuine interest in working toward OSCP or an equivalent hands-on certification over time (preferred).
Benefits: - Unlimited and mandatory PTO for healthy work/life balance.
- Company matched 401k (immediate eligibility, no one should have to wait to start saving).
- 75% company contribution for health insurance for employees and 50% for dependents.
- 100% company contribution for dental and vision.
- Flexible working hours.
- Hardware and tools of your choice
- Support for your career development with paid training, conferences, certifications, etc.
first seen 2026-07-13 20:48:01 · last verified 2026-07-14 16:48:01
pentestcareers.com // breach the job market