Description
About the Role
The Penetration Tester is a key member of NinjaOne’s core security team, with visibility across the entire organization, from individual developers to executive leadership. Taking a multi-layered approach to uncovering weaknesses in software, web applications, and client-side components to drive meaningful security improvements. You will directly strengthen the security of the NinjaOne platform by identifying and helping resolve technical, security, and architectural vulnerabilities across our software applications and environments.
What You’ll Be Doing
- Perform controlled penetration testing of NinjaOne applications, cloud environments, and infrastructure, demonstrating exploitability and documenting risks and remediation steps.
- Collaborate with Engineering to validate vulnerabilities, communicate impact, and support secure design and remediation efforts.
- Develop custom tools or scripts to support penetration testing, automation, and exploit development.
- Monitor and triage bug bounty submissions, confirming valid findings and routing them to the appropriate teams.
- Stay current on emerging threats, TTPs, and cybersecurity trends, applying them to evaluate NinjaOne’s exposure and guide security initiatives.
- Create clear, comprehensive reports and presentations for both technical and executive stakeholders.
- Promote security awareness across the organization, contributing to policies, best practices, and ongoing security education.
- Other duties as needed
About You
- 2+ years of hands-on penetration testing experience.
- 4+ years in a cybersecurity-related role.
- Strong understanding of security protocols, cryptography, authentication/authorization, and modern attack techniques.
- Security certifications such as OSCP (highly desired) and/or Security+, CISSP, CISM are a plus.
- Proficiency with penetration testing tools such as Burp Suite, Caido, and related frameworks.
- Ability to develop custom testing tools or scripts (Java, Kotlin, C++, Python, or Go).
- Knowledge of security frameworks and methodologies such as OWASP, NIST, or BSIMM, threat modeling like STRIDE or DREAD, and system hardening standards including CIS and CSA.
- Solid understanding of Linux and Windows operating systems, enterprise architecture, TCP/IP and UDP networking fundamentals.
- Experience testing or exploiting cloud-native applications; understanding cloud security architecture is a plus.
- Strong analytical and problem-solving skills with excellent written and verbal communication
About Us
NinjaOne automates the hardest parts of IT to deliver visibility, security, and control over all endpoints for more than 30,000 customers. The NinjaOne automated endpoint management platform is proven to increase productivity, reduce security risk, and lower costs for IT teams and managed service providers. NinjaOne is obsessed with customer success and provides free and unlimited onboarding, training, and support. NinjaOne is #1 on G2 in endpoint management, patch management, remote monitoring and management, and mobile device management.
What You’ll Love
We are a collaborative, kind, and curious community.
We honor your flexibility needs with full-time work that is hybrid remote.
We have you covered with our comprehensive benefits package, which includes medical, dental, and vision insurance.
We help you prepare for your financial future with our 401(k) plan.
We prioritize your work-life balance with our unlimited PTO.
We reward your work with opportunity for growth and advancement.
Additional Information
This position is NOT eligible for Visa sponsorship. Due to federal government security requirements associated with our FedRAMP-authorized environment, candidates must be U.S. citizens or lawful permanent residents.
- Due to operational policies, NinjaOne is unable to hire for this role within the city limits of Chicago. We will consider all qualified candidates who reside outside of the city proper or are willing to self-relocate.
Starting pay for the successful applicant depends on a variety of job-related factors, including but not limited to location, market demands, experience, job-related knowledge, and skills. The benefits available for this position include medical, dental, vision, 401(k) plan, life insurance coverage and PTO. For roles based in California, Colorado, Maryland, New Jersey, or Washington the base salary hiring range for this position is $140,000 to $170,000 per year.
For roles based in New York, the base salary hiring range for this position is $140,000 to $170,000 per year.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, veteran status, or any other status protected by applicable law. We are committed to providing an inclusive and diverse work environment.
#BI-REMOTE
