Remote Penetration Tester Jobs in Eagle Pass, Texas | Remote Work From Home

Remote Full-time
**Job Title & Location**

**Remote Penetration Tester (Remote)** – flexible hours aligned with our core schedule in **Eagle Pass, Texas**

Our product line just hit the market‑ready milestone, and the surge of external integrations has opened a new attack surface that we need to lock down, fast. That’s why we’re expanding the red‑team now – to make sure the security we promise to customers in **Eagle Pass, Texas** and beyond actually works.

---

## The Reality of This Role

When you join our security squad, you’ll be stepping into a team that grew from five engineers to fifteen in the last twelve months, and we’re still adding more talent to keep up with the 30 % month‑over‑month increase in inbound audit requests. Our recent Series B round gave us the runway to launch three SaaS modules in the next quarter, each exposing new APIs that need to be vetted before any public release.

You’ll be reporting to Maya, our Lead Application Security Engineer, who spends her mornings in **Eagle Pass, Texas** reviewing threat models and her afternoons on calls with the product managers in **Eagle Pass, Texas**. Your day‑to‑day will be a blend of hands‑on testing, writing clear remediation notes, and pushing back on design decisions that could become security liabilities.

Collaboration is async but far from isolated. We run a weekly “War Room” on Thursday mornings, where the whole penetration team – five senior testers, two junior analysts, and a rotating security‑ops liaison – breaks down the latest findings from the past sprint. We also have a “bug‑bounty triage” channel that streams directly into our JIRA board, so the feedback loop from external researchers reaches us within 48 hours.

The biggest challenge? Balancing depth and speed. Our product releases happen on a two‑week cadence, meaning you’ll often have a 72‑hour window to complete a full‑stack engagement from reconnaissance to final report.
It’s intense, but the sense of seeing a vulnerability patched before a customer ever sees it is why we love the work.

---

## What You’ll Actually Do

- **Own** end‑to‑end penetration engagements for our web, mobile, and cloud services, delivering a full report within the SLA of 72 hours for each sprint.
- **Execute** reconnaissance with Nmap, Masscan, and Amass, then map the attack surface in real‑time using Burp Suite and OWASP ZAP.
- **Develop** custom exploit scripts in Python or PowerShell to validate findings, and integrate them into our CI pipeline via GitLab CI.
- **Run** credential‑dumping and lateral‑movement simulations on our AWS and Azure environments using BloodHound, Cobalt Strike, and Metasploit, measuring time‑to‑pivot and reporting the median of 4 hours across recent engagements.
- **Automate** routine scans with Nessus and OpenVAS, scheduling them nightly and tracking coverage metrics; we aim for 95 % of our assets scanned at least once per week.
- **Collaborate** with the DevSecOps crew in **Eagle Pass, Texas** to embed security controls directly into Docker images and Helm charts, reducing remediation time by 30 % over the last quarter.
- **Mentor** two junior penetration analysts, reviewing their findings, guiding their tool selection, and co‑authoring a “Pentest Playbook” that now lives in our internal Confluence space.
- **Present** findings to product owners and executives in **Eagle Pass, Texas** during sprint review meetings, translating complex technical detail into business‑impact narratives that drive immediate action.
- **Track** key performance indicators: average time‑to‑report (target 85 % within the sprint), and false‑positive rate (target < 5 %).
- **Participate** in the monthly bug‑bounty triage, reviewing external submissions, reproducing them in a sandbox, and assigning severity levels using CVSS v3.1.
- **Contribute** to our open‑source security tooling, pushing patches to a public repository on GitHub that currently has 1.2k stars and is referenced in three industry‑wide talks we gave in **Eagle Pass, Texas** last year.
- **Stay current** with the latest threat intel feeds—AlienVault OTX, MITRE ATT&CK, and emerging CVEs—feeding relevant findings back into our threat‑modeling sessions every week.

---

## Skills That Truly Matter

**Must‑have**

- 3+ years of hands‑on penetration testing experience (red‑team or consultancy) with a track record of full‑cycle engagements.
- Proficiency with Metasploit, Burp Suite, Nmap, Wireshark, and Kali Linux.
- Strong scripting skills in Python, Bash, or PowerShell for proof‑of‑concept development.
- Familiarity with cloud security testing on AWS and Azure, including IAM, S3 bucket misconfigurations, and container security.
- Ability to write clear, concise reports that include CVSS scores, risk ratings, and remediation steps.

**Nice‑to‑have**

- Certifications such as OSCP, OSCE, or GPEN (not a deal‑breaker, but will open doors).
- Experience with Cobalt Strike or BloodHound for post‑exploit activities.
- Knowledge of CI/CD security (SAST/DAST integration) and familiarity with GitLab or Jenkins pipelines.
- Previous participation in public bug‑bounty programs or community CTFs.
- Understanding of regulatory frameworks (PCI‑DSS, HIPAA) that affect customers in **Eagle Pass, Texas**.

**Interpersonal**

- Comfortable speaking to non‑technical stakeholders in **Eagle Pass, Texas**, turning technical risk into plain‑language business impact.
- A mindset that looks for the “why” behind each vulnerability, not just the “how.”
- Ability to juggle multiple engagements while keeping clear documentation in our shared Confluence space.

---

## Standout Extras

- Published a research paper on “Bypassing CSP in Modern Browsers” that was accepted at the Black Hat USA conference.
- Regular speaker at the local OWASP chapter in **Eagle Pass, Texas**, mentoring the next wave of security talent.
- Built an internal “Auto‑Pwn” framework that reduced manual exploit time by 40 % across our last three releases.
- Contributed code to the open‑source “WAF‑Bypass” library, now used by over 200 security teams worldwide.
- Led a university‑level Capture‑The‑Flag team that won the regional qualifier two years in a row.

---

## Compensation & Benefits

- **Base salary:** $115,000 – $155,000 USD, calibrated to experience and proven impact.
- **Performance bonus:** up to 12 % of base, tied to meeting SLA and remediation KPIs.
- **Home‑office stipend:** $1,200 per year for ergonomic gear, broadband upgrades, or a standing desk.
- **Learning budget:** $2,500 annual allowance for conferences, certifications, or subscription services (e.g., O’Reilly, Pluralsight).
- **401(k) match:** up to 5 % of your contributions, fully vested after one year.
- **Health coverage:** medical, dental, and vision plans covering 95 % of premiums for employees and 80 % for dependents.
- **Paid time off:** 20 days per year, plus the standard US holidays; we also grant an extra “Security Sprint” day after every major product launch to recharge.

---

## Growth & Culture

In the first six months, you’ll be expected to run at least three full‑cycle engagements, each hitting the 72‑hour reporting SLA. By the end of year one, we see most senior testers taking ownership of a specific product line—whether that’s our API gateway, our mobile SDK, or the SaaS analytics dashboard—becoming the go‑to security voice for that domain. From there, the path branches: you can deepen your expertise and become a **Principal Penetration Engineer**, leading cross‑team threat‑modeling workshops and shaping our overall security strategy; or you can pivot into **Security Architecture**, translating pentest findings into design patterns that our engineers in **Eagle Pass, Texas** adopt from day one.

Our culture is built on transparency and async collaboration. Most of us are in the **Eagle Pass, Texas** time zone, so core overlap is from 9 am to 3 pm PT, but you’ll have the freedom to work whenever you’re most productive, as long as you meet our response‑time expectations. We run all meetings in a “record‑then‑share” format, so teammates across the globe can catch up on their own schedule.

Mentorship is formalized: every quarter you’ll have a 1:1 with Maya to discuss technical growth, career aspirations, and any blockers you’re hitting. We also run a monthly “Security Book Club” where we dissect a paper or blog post, often choosing topics that affect our customers in **Eagle Pass, Texas**.

---

## Interview Process

1. **Screening Call (30 min)** – with our Recruiter, covering background, work style, and basic logistics.
2. **Technical Phone (45 min)** – a live walkthrough of a recent pentest scenario, focusing on methodology rather than memorized answers; you’ll have access to a shared VM.
3. **Take‑Home Exercise (4 hrs, 48‑hour turnaround)** – a short engagement on a purposely vulnerable web app; we’ll review your findings, the scripts you wrote, and how you communicated risk.
4. **Panel Interview (60 min)** – with Maya, a senior developer from **Eagle Pass, Texas**, and a product manager; we discuss your report, dive into past experiences, and answer any questions you have about the role.
5. **Culture Chat (30 min)** – informal conversation with a member of our People Ops team about work‑life balance, remote policies, and our approach to continuous learning.

We aim to move from the first call to an offer in under three weeks, and we provide feedback after each step. If you don’t tick every box but feel excited about the mission, we still want to hear from you.

---

## Closing

We are an equal‑opportunity employer.
Our commitment to inclusion means we evaluate every candidate on the merit of their experience, ideas, and potential—no matter their background, gender, ethnicity, or veteran status.

If you’ve ever stayed up late to craft an exploit because the deadline was looming, if you love translating technical risk into language that a product owner in **Eagle Pass, Texas** can act on, and if you’re ready to protect a growing customer base while sharpening your own skills, we’d love to hear your story.

---

*“Security isn’t just a checklist. It’s the feeling you get when a teammate says ‘I was able to ship because you caught that edge case,’ and you realize you helped them sleep a little better at night.”* – Maya, Lead Application Security Engineer.