We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
Remote New
Cloudera, Inc. jobs

Staff Penetration Tester

Cloudera, Inc.
United States, Texas
Jul 25, 2025

Business Area:

Engineering

Seniority Level:

Mid-Senior level

Job Description:

At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry. Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world's largest enterprises.

Are you the type of person who breaks computers for fun? Great, we've got the position for you!

Cloudera is looking for security professionals with expertise in multiple domains to join a unique blended team. Bringing both security operations knowledge and application security know-how, you and our highly collaborative team will play a crucial role in designing Cloudera's products and ensuring the security of the Cloudera Data Platform (CDP) Public Cloud environment. In this role, you will be part of our Product Security (ProdSec)team.

This team is charged with building and maintaining the operational security of our production systems while also working as a critical part of our product development process by baking security into SDLC to programmatically drive change from the design stage of the development lifecycle to the runtime of our product.

Our goal is to build a cycle of improvement that involves discovering and addressing design issues using highly automated DevSecOps processes, improving current products, and reducing issues in future generations of our products.

We're looking for individuals who want to change how security is done at either end of the product roadmap. We're looking for a Penetration Tester with a strong background in application security and a working knowledge of network pentesting. In this role, you'll dive deep into our web apps, APIs, and cloud-hosted services to find vulnerabilities before attackers do. You'll also pitch in on network and infrastructure assessments, but your primary focus will be breaking and helping secure our products.

As a Staff Penetration Tester, you will:

  • Perform manual and automated pentesting of web apps and APIs.

  • Identify and exploit vulnerabilities, chaining findings for maximum impact.

  • Conduct targeted assessments on internal and external networks when needed.

  • Validate and document vulnerabilities with risk ratings and clear remediation guidance.

  • Collaborate with developers, engineers, and product teams to advise on remediation.

  • Contribute to secure SDLC initiatives and AppSec review processes.

  • Create scripts to speed up testing or hand off to engineering teams.

  • Stay current with new vulnerabilities, exploits, and offensive security tools.

  • Review SAST and DAST findings to enhance the testing activity.

  • Assist in the configuration and maintenance of SAST and DAST tools.

We're excited about you if you have:

  • 8-10 years of hands-on penetration testing experience, focusing on application security.

  • Experience with cloud platforms (AWS, Azure, GCP)

  • Experience with manual security source code review.

  • Strong knowledge of the OWASP Top 10 and common web/API vulnerabilities (e.g., Injection attacks, SSRF, auth bypass).

  • Experience with tools like Burp Suite, Nmap, sqlmap, and custom scripts.

  • Experience with Fortify, Semgrep, Burp Enterprise and CI/CD pipeline security.

  • Experience with manual security source code review.

  • Knowledge of network security testing (e.g., basic AD exposure, port scanning, misconfig checks, privilege escalation techniques).

  • Scripting ability in at least one language (Python, Bash, JavaScript, etc.).

  • Strong communication skills, especially when reporting findings and collaborating cross-functionally.

You may also have:

  • Certifications like OSCP, GWAPT, CEH, or eWPTX (Nice, but not required.)

  • Knowledge of containers and Kubernetes security

This role is not eligible for immigrationsponsorship

What you can expect from us:

  • Generous PTO Policy

  • Support work life balance with Unplugged Days

  • Flexible WFH Policy

  • Mental & Physical Wellness programs

  • Phone and Internet Reimbursement program

  • Access to Continued Career Development

  • Comprehensive Benefits and Competitive Packages

  • Paid Volunteer Time

  • Employee Resource Groups

EEO/VEVRAA

#LI-SZ1

#LI-REMOTE

Applied = 0
MORE JOBS LIKE THIS

(web-6886664d94-5gz94)