Job Posting: Manual Penetration Tester

Veracode is the leader in the ever-evolving Application Security Testing world.  We continue what is now over a decade of rapid growth and offer not only a number of powerful SaaS-based products to solve our client’s problems, but also a number of support services and platforms to help them better leverage our services and fully realize the added value we can bring to their business.

One such service is our Penetration Testing capabilities, an important complement to our automated scanning technologies.  These services help our clients find business logic and other complex vulnerabilities in web, mobile, desktop, backend and IoT applications.  We are looking to add a Manual Penetration Tester to our highly skilled team and are open to experienced applicants at various career levels. This is a remote/work from home position.

Key Responsibilities:

  • Perform application penetration testing and vulnerability assessments against custom built software applications on Internet-facing and native systems
  • Identify and exploit vulnerabilities in applications
  • Document technical issues identified during security assessments utilizing standard CWE and CVSS classifications

Required Experience – All Applicants:

  • 1-2 years penetration testing experience with a focus on testing web and mobile applications.
  • Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc).
  • Understanding of common software security issues and remediation techniques (OWASP Top 10, SANS top 25, etc).
  • Ability to communicate effectively both written and verbal form in order to communicate results to both developers and management-level audiences. While our reporting system makes reporting a breeze sometimes it takes a little more effort to explain and document those exceptional flaws and exploits.
  • Ability to travel for company related events and potential onsite client work (5-10%). When we say 5-10%, we mean it. Almost all of the work we do is remote, but we have to include a small percentage of travel for rare, edge cases as well as annual company meetings.

Senior or Principal Level Applicants (in addition to above):

  • 5+ years of penetration testing experience in a consulting environment.
  • 3+ years of application penetration testing experience in a consulting environment.
  • Familiar with developing proof-of-concept exploit examples to use within reports or live demonstrations.
  • Familiar with testing web applications, natively compiled binary applications, mobile applications, and web services.

Desired Skills:

  • 1-2 years working in a “work from home” remote capacity. Everyone on our team is remote, and we want to ensure remote work will work for you.
  • 2+ years of Professional Web-Application Development or Source Code Review Experience
  • University degree from an accredited college or university in Computer Science, Information Systems, Engineering or related major
  • Penetration testing and reverse engineering experience with embedded systems and hardware (i.e. IoT devices)
  • Experience developing custom scripts or tools used for vulnerability scanning and identification
  • Consulting and/or project management experience

Apply Now OR please email your resume and cover letter to [email protected].


More About Working at Veracode

Veracode, application security business, is a leader in helping organizations secure the software that powers their world. Veracode’s SaaS platform and integrated solutions help security teams and software developers find and fix security-related defects at all points in the software development lifecycle, before they can be exploited by hackers. Our complete set of offerings help customers reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost effectively secure their software assets- whether that’s software they make, buy or sell.

Veracode serves more than 1,400 customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at, on the Veracode blog, on Twitter and in the Veracode Community.

At Veracode you’ll have the opportunity to eliminate barriers for our customers and earn a competitive compensation and total rewards package – all while pushing the boundaries of what’s possible by collaborating with a diverse team of global innovators. In short, Veracode’s fun, diverse, and fast-paced culture has put us on the map as one of the best employers in Information Technology.

We offer competitive salary, company-sponsored premium Medical/Prescription & Dental Plans, company-paid Holidays, Vacation, Anniversary Service and Sick Days, 401(k) Plan, Education/Training Reimbursement, Charitable Gift Program, Adoption Assistance Program.

We are equal opportunity employers. As such, it is our corporate policy to fill positions with qualified candidates regardless of the candidate’s race, color, sex, age, religion, ancestry, national origin, citizenship status, marital status, sexual orientation, gender identity, genetic information, disability, pregnancy, military status, veteran status or any other protected group status.

Contact for Veracode:



[email protected]

Copyright © 2018 Veracode, Inc. All rights reserved. All other brand names, product names, or trademarks belong to their respective holders.



contact menu