ForgeApply
Try it free

ForgeApply · Job listing

Offensive Security Analyst

Sprocketsecurity

Remote · US

Apply in about a minute — without sacrificing quality.

ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.

About this role

Company Mission – Our mission is to help secure as many companies as possible, by using the best way of doing so: penetration testing. Sprocket Security prioritizes offensive security for enterprises, empowering them to build robust defense strategies based on individual business risk.

How – At Sprocket Security, we've built an expert-driven Continuous Penetration Testing platform that blends cutting-edge automated and manual testing methods.

Your Mission – You are the human judgment layer at the front of our offensive automation pipeline. You decide what's real, get severity right, and make sure every finding reads like Sprocket wrote it before it ever reaches a client.

Responsibilities:

• Triage, validate, and QA findings surfaced by Sprocket's automation. Reproduce, confirm true positives, and eliminate false positives before anything reaches a client.

• Author and refine findings to client-ready quality in the Sprocket voice, and publish them through the platform.

• Calibrate severity to real business impact against Sprocket's standards, judging real-world impact over theoretical.

• Handle roughly 90% of findings independently and make accurate handle-versus-escalate decisions using the platform workflow, escalating the hard 10% to an Adversarial Engineer with full context attached.

• Feed pattern-level signal back to R&D and the Adversarial Engineering team to tune attack automations and cut false positives at the source. You'll be one of the tightest feedback loops we have into R&D.

• Log validation notes, flag false-positive patterns, and contribute to the knowledge base.

• Script away repetitive validation steps wherever they appear.

• Partner with your fellow R&D team members and the Service Delivery team on the automation feedback loop and client-experience improvements.

• Seek to programmatically enhance automation pipeline with new or updated capabilities when triage is complete and capacity allows, pairing with an Adversarial Engineer as needed.

• Attend daily standups, weekly 1:1s, monthly company calls, and all-hands.

Requirements:

Minimum:

• Demonstrated experience triaging or reproducing vulnerabilities surfaced by a security tool (vulnerability scanner, SAST/DAST/SCA/IAST, or similar automation) in a professional setting.

• Some software programming experience, Python preferred.

• Some exposure to utilizing Generative AI tools for day-to-day tasks, Claude preferred.

• A strong Development, IT, or Infosec foundation, paired with genuine, self-directed security study.

• Enough security depth to validate common vulnerability classes hands-on, including OWASP Top 10, network, and auth issues, not just name them.

• Clear, detail-oriented written communication that holds up under volume.

• The self-direction to manage a high-volume queue independently, without hourly guidance.

Preferred:

• Security+, eJPT, CPTS, PNPT, or a similar foundational credential.

• CTF achievements (HackTheBox, TryHackMe, PortSwigger Academy).

• A degree in computer science, engineering, or IT.

• Genuine interest in working toward OSCP or an equivalent hands-on certification over time.

Benefits:

• Unlimited and mandatory PTO for healthy work/life balance.

• Company matched 401k (immediate eligibility, no one should have to wait to start saving).

• 75% company contribution for health insurance for employees and 50% for dependents.

• 100% company contribution for dental and vision.

• Flexible working hours.

• Hardware and tools of your choice

• Support for your career development with paid training, conferences, certifications, etc.

Ready to apply to Sprocketsecurity?

Apply in about a minute

Similar jobs

More like this: Security & Cybersecurity Jobs · Remote Security & Cybersecurity Jobs · More jobs at Sprocketsecurity · Browse all jobs