Security Analyst

Synack’s Penetration Testing as a Service platform manages customers’ attack surfaces by discovering new assets pentesting for critical vulnerabilities and gaining visibility into the root causes of security risks. We are committed to making the world more secure by harnessing a talented vetted community of security researchers to deliver continuous penetration testing and vulnerability management with actionable results. Synack's PTaaS platform has uncovered more than 71000 exploitable vulnerabilities to date protecting a growing list of Global 2000 customers and U.S. agencies in a FedRAMP Moderate Authorized environment. For more information please visit www.synack.com .

As the demand for cybersecurity grows so does Synack’s Vulnerability Operations team! If you are pursuing a career in cybersecurity specifically in offensive security we encourage you to apply for our internship. This is a part-time temporary position lasting 6 months.

Sounds interesting? Keep reading...

Here’s what you'll do

• Assist the Vulnerability Operations team with the review and acceptance of Missions Patch Verifications and vulnerability reports

• Bypass customer patch attempts create suspected vulnerability reports and exploit real world vulnerabilities

• Work remotely with seasoned Computer Security Analysts

• Learn what it's like to review complex vulnerability reports

Here's what you'll need

• Strong written and verbal communication skills

• Basic understanding of various Computer Security topics particularly offensive cyber subjects

• Course work in offensive security (not necessarily at a University) hackathons CTF participation and any of the following lab/live testing:

  • Portswigger Academy

  • HackTheBox.eu

  • TryHackMe

  • Or any other Offensive Security Lab platform

• Operational hands-on knowledge of web application vulnerabilities and how to exploit them via Labs CTFs certifications or prior work experience is not required but highly recommended

• A clear understanding of the OSI model TCP/IP and CVSS Scoring

• Coursework and/or lab work towards obtaining CEH GPEN EJPT OSCP a plus

• Basic understanding of OWASP top ten

• Creative problem solving acumen

• Enthusiasm to build an offensive cyber career and a positive can-do attitude!

• Due to Federal Government contract requirements candidates must be a citizen of the United States

Yes there will be a pop quiz! All candidates that advance to the technical portion of the interview process must be prepared to take a basic technical assessment to demonstrate practical application of required skills. The technical portion will be conducted after the verbal technical interview.  Here is how you can know if you are prepared:

• Have the right tools for the job!

  • Burp Suite (any) or similar proxy tool such as Zap fully working and configured with your browser.

  • Browser Inspect and/or debugger

• Be prepared to share your screen.

• Be prepared to describe your methodology and thought process as you work through the challenges in real-time.

• Be able to demonstrate proper enumeration and testing processes.

• Be able to demonstrate a working knowledge of the tools being used.

Ready to join us?

Synack is committed to embracing diversity. Our people are our strength.  Each addition to our team is an opportunity to grow and diversify our ideas experiences and viewpoints. We strive to be inclusive of Race Ethnicity Religion Sex LGBTQ+ Veterans Disabilities and Age.  Synack welcomes you!

As a candidate Synack cares about your privacy. Please view our candidate privacy policy here .

$25/hr Salary is determined by a combination of factors including location level relevant experience and skills. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. The compensation package for this position may also include equity and benefits. For more details about our benefits please see here . Then for the Employer code enter: synack