Cobalt
Cobalt Core Pentester - US Remote-Only
Job Summary
The role involves performing manual penetration testing of web applications, APIs, networks, and mobile applications, with a focus on identifying security vulnerabilities such as those listed in the OWASP Top 10. Candidates should have at least three years of pentesting or related experience, strong understanding of application security, and effective communication skills. The position requires collaboration within a team, detailed documentation of findings, and participation in projects that aim to improve internet security. It is a part-time, freelance role available exclusively to pentesters residing in the USA.
Required Skills
Benefits
Job Description
Who We Are
The Cobalt Core is a community of highly skilled security pentesters who are passionate about what they do and strive to deliver quality work. This curated community is made up of security professionals with years of experience as well as talented pentesters who are eager to hone their trade and showcase their skills. They all have a strong drive to keep up-to-date on the latest vulnerabilities and exploits, and the tools and methodologies to find them.
Cobalt Core members believe that sharing ideas and collaborating with peers is the best way to achieve great results.
If you believe you would be a good fit to join the Cobalt Core, and are eager to contribute to the community and participate in the pentests running on the Cobalt platform, please apply.
Who You Are
- Based in the USA
- Minimum of 3+ years of Pentesting or similar experience (mid-level)
- Professional demeanor
- Respectful towards others
- Take pride in the work you produce
- Strong work ethic with attention to detail
- Desire to be an expert within your field
- Deep understanding of application security
- Ability to communicate effectively
- Collaborative spirit
What You'll Do
- Perform manual penetration testing of web applications, APIs, internal and external networks, iOS and Android mobile applications
- Work as a member of a pentest team, collaborating and engaging directly with the client
- Document in detail the results of assessments, audits, tests, and verification activities
- Perform manual validation of vulnerabilities
- Perform mobile and web app pentesting for OWASP top 10 vulnerabilities.
- The following certifications are a plus:
- CREST, PenTest+, GPEN, CEH, OSCP, AWS, CISSP, eCPPT, eWAPT, OSCE, OSWE
- Please note that this is a freelance, part-time position available only to Pentesters residing within the USA.
Why You Should Join Us
- Work with and learn from other highly skilled security researchers
- Get to work on many different interesting projects and applications
- Flexible work hours
- Make the internet more secure - one application at a time
- Professional and career development
- Get compensated for your time and effort
Application Process
- Application - Becoming part of the Cobalt Core is a highly selective process, and only the best applicants will be invited to next steps in the on boarding process. Preference will be given to applicants who come referred by other Cobalt Core pentesters.
- Chat with a Cobalt representative - Get to know about Cobalt and how we work. We will also want to know about you, your experience, strengths and what drives you. If we all think it's a great fit, we will explore how we can work together!
- Technical Skills Assessment to demonstrate your technical acumen and reporting.
- Getting setup on the Cobalt platform + Background Check & ID Verification - In this step we will make sure you are all set up for success, and we will also ask you to pass a Background Check & ID Verification.
- Start working on cool projects!
Applicants need apply only once, applications are reviewed on a rolling basis.
Please note that this is a freelance, part-time position available only to Pentesters residing within the USA. Applicants outside of the US will not be considered if you apply through this job posting.
Cobalt
Modernize traditional offensive security with global talent and a SaaS platform to deliver better security - from the team that innovated pentest via Pentest as a Service (PtaaS).
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.