(this position is remote)

What we believe

In the past two years, more than a trillion dollars have been invested in software companies at record prices. And in many cases, the underlying tech is the greatest enabler to the business strategy. But has the approach to govern technology value creation caught up to the magnitude of the risk?

We believe a better way is possible – a more programmatic, proactive approach to actively manage technology throughout the investment lifecycle – and that’s what we do.

Our role

We know that technology can create truly transformative change, and its role in business is only growing. Crosslake is here to support the changemakers and help them buy, build and run better technology.

What we value

You could be a good fit for Crosslake if you see yourself reflected in our guiding values:

Service. We effect change by empowering others.

Curiosity. We believe great advice starts with deep understanding.

Credibility. Our expertise is earned and proven.

Commitment. It’s our privilege to serve clients in their critical moments.

Creativity. We are inspired by the constant pursuit of better. 

Overview

• Perform network-based penetration testing for our clients to identify, assess, and report on vulnerabilities in their public facing infrastructure.
• Perform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications.
• Perform red team exercises to determine where weaknesses in the client’s infrastructure and how it should be remediated.
• Write clear, concise, effective deliverable reports for clients to help them understand their risk posture and how they can reduce it.
• Advise clients on security best practices including application design, infrastructure architecture design, and other considerations.
• Perform research and presenting at conferences.
• Blog on penetration testing best practices.
• Collaborate with other Crosslake practitioners to socialize penetration testing best practices.

Requirements

• Be an apprentice tester for your first 2 projects and then be willing and able to drive a project on your own to successful completion.
• Participate in and drive penetration efforts on behalf of clients, collaborating, digging deep, and creating a report for the investors to outline technical vulnerability and risk.
• Deliver at least one network, API, or web application penetration test every week.
• Work with private equity companies and other investment firms to help them understand the existing technology risks and vulnerabilities that exist in their environment or portfolio.
• Collaboratively work in partnership with internal and client technical leads and team members to ensure that planning and execution of penetration testing efforts occur in a timely fashion and reports are of high quality.