Staff Pentester

Business Area:

Seniority Level:

Job Description: 

At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry.  Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world’s largest enterprises.

Cloudera is seeking security professionals with diverse expertise to join its Product Security team, which plays a vital role in safeguarding the Cloudera Data Platform (CDP) Public Cloud. The team integrates security operations and application security practices, embedding security into the software development lifecycle to ensure secure design and runtime environments using automated DevSecOps processes.

The ideal candidate is a seasoned Penetration Tester with strong application security skills and a working knowledge of network pentesting. This role focuses on identifying vulnerabilities in Cloudera’s web applications, APIs, and cloud services, contributing to both proactive defence strategies and long-term product improvement by addressing security concerns across the development and deployment pipeline.

As a Staff Penetration Tester, you will:

• Perform manual and automated pentesting of web apps and APIs.

• Identify and exploit vulnerabilities, chaining findings for maximum impact.

• Conduct targeted assessments on internal and external networks when needed.

• Validate and document vulnerabilities with risk ratings and clear remediation guidance.

• Collaborate with developers, engineers, and product teams to advise on remediation.

• Contribute to secure SDLC initiatives and AppSec review processes.

• Create scripts to speed up testing or hand off to engineering teams.

• Stay current with new vulnerabilities, exploits, and offensive security tools.

• Review SAST and DAST findings to enhance the testing activity.

• Assist in the configuration and maintenance of SAST and DAST tools.

We’re excited about you if you have:

• 8-10 years of hands-on penetration testing experience, focusing on application security.

• Experience with tools like Burp Suite, Nmap, sqlmap, and custom scripts.

• Experience with cloud platforms (AWS, Azure, GCP)

• Familiarity with manual security source code review and CI/CD pipeline security.

• Strong knowledge of the OWASP Top 10 and common web/API vulnerabilities (e.g., Injection attacks, SSRF, auth bypass).

• Experience with Fortify, Semgrep, or Burp Enterprise

• Knowledge of network security testing (e.g., basic AD exposure, port scanning, misconfig checks, privilege escalation techniques).

• Scripting ability in at least one language (Python, Bash, JavaScript, etc.).

• Strong communication skills, especially when reporting findings and collaborating cross-functionally.

• Certifications like OSCP, GWAPT, CEH, or eWPTX (Nice, but not required.)

• Knowledge of containers and Kubernetes security

What you can expect from us:

• Generous PTO Policy 

• Support work life balance with Unplugged Days

• Flexible WFH Policy 

• Mental & Physical Wellness programs 

• Phone and Internet Reimbursement program 

• Access to Continued Career Development 

• Comprehensive Benefits and Competitive Packages 

• Paid Volunteer Time

• Employee Resource Groups

EEO/VEVRAA

#LI-SV1