sprocketsecurity logo

Offensive Security Analyst

Sprocket Security

Remote

Offensive Security

Posted 7 hours ago

midremote

Relevant certifications

OSCPCompTIA Security+

Job Description

Company Mission – Our mission is to help secure as many companies as possible, by using the best way of doing so: penetration testing. Sprocket Security prioritizes offensive security for enterprises, empowering them to build robust defense strategies based on individual business risk.

How – At Sprocket Security, we've built an expert-driven Continuous Penetration Testing platform that blends cutting-edge automated and manual testing methods.

Your Mission – You are the human judgment layer at the front of our offensive automation pipeline. You decide what's real, get severity right, and make sure every finding reads like Sprocket wrote it before it ever reaches a client.

Responsibilities:

  • Triage, validate, and QA findings surfaced by Sprocket's automation. Reproduce, confirm true positives, and eliminate false positives before anything reaches a client.
  • Author and refine findings to client-ready quality in the Sprocket voice, and publish them through the platform.
  • Calibrate severity to real business impact against Sprocket's standards, judging real-world impact over theoretical.
  • Handle roughly 90% of findings independently and make accurate handle-versus-escalate decisions using the platform workflow, escalating the hard 10% to an Adversarial Engineer with full context attached.
  • Feed pattern-level signal back to R&D and the Adversarial Engineering team to tune attack automations and cut false positives at the source. You'll be one of the tightest feedback loops we have into R&D.
  • Log validation notes, flag false-positive patterns, and contribute to the knowledge base.
  • Script away repetitive validation steps wherever they appear.
  • Partner with your fellow R&D team members and the Service Delivery team on the automation feedback loop and client-experience improvements.
  • Seek to programmatically enhance automation pipeline with new or updated capabilities when triage is complete and capacity allows, pairing with an Adversarial Engineer as needed.
  • Attend daily standups, weekly 1:1s, monthly company calls, and all-hands.

Requirements:

Minimum:

  • Demonstrated experience triaging or reproducing vulnerabilities surfaced by a security tool (vulnerability scanner, SAST/DAST/SCA/IAST, or similar automation) in a professional setting.
  • Some software programming experience, Python preferred.
  • Some exposure to utilizing Generative AI tools for day-to-day tasks, Claude preferred.
  • A strong Development, IT, or Infosec foundation, paired with genuine, self-directed security study.
  • Enough security depth to validate common vulnerability classes hands-on, including OWASP Top 10, network, and auth issues, not just name them.
  • Clear, detail-oriented written communication that holds up under volume.
  • The self-direction to manage a high-volume queue independently, without hourly guidance.

Preferred:

  • Security+, eJPT, CPTS, PNPT, or a similar foundational credential.
  • CTF achievements (HackTheBox, TryHackMe, PortSwigger Academy).
  • A degree in computer science, engineering, or IT.
  • Genuine interest in working toward OSCP or an equivalent hands-on certification over time.

Benefits:

  • Unlimited and mandatory PTO for healthy work/life balance.
  • Company matched 401k (immediate eligibility, no one should have to wait to start saving).
  • 75% company contribution for health insurance for employees and 50% for dependents.
  • 100% company contribution for dental and vision.
  • Flexible working hours.
  • Hardware and tools of your choice
  • Support for your career development with paid training, conferences, certifications, etc.

Apply for this position

Not ready to apply?

Get weekly alerts for new Offensive Security jobs:

Share your cyber salary

Anonymous. No login, no name. Helps everyone see real pay by role and country.

Hiring for a role like this?

Reach cybersecurity professionals browsing the board - your listing goes live instantly.

Post a job →

Related cybersecurity jobs

sprocketsecurity logo
Posted Jan 23Apply
sprocketsecurity logo

Sprocket Security

Offensive SecurityRemote
Posted Jan 16Apply
sprocketsecurity logo

Sprocket SecurityAny State in Central, Eastern or Mountain Time Zone

Solutions EngineeringRemote
Posted Aug 7Apply

Stay ahead of the curve. Get new infosec jobs in your inbox.