SecurityBoat RedOps Member (Freelance Pentester)

About SecurityBoat RedOps Member SecurityBoat is building a cutting-edge Penetration Testing as a Service (PTaaS) platform, where the future of offensive security meets scale and speed. As part of our elite RedOps team, you’ll collaborate with a network of top-tier ethical hackers and researchers to deliver high-impact security assessments across a variety of industries and technologies. Role Overview As a RedOps Member, you’ll act as an extended arm of SecurityBoat, executing rigorous penetration tests and red teaming engagements for our clients. You will have the freedom to choose projects aligned with your skills, work remotely, and get paid competitively for every engagement — all while being part of an exclusive offensive security community. Key Responsibilities

• Perform end-to-end penetration testing on Web, Mobile, APIs, Cloud, Network, and/or Active Directory infrastructures.
• Conduct threat modeling and simulate real-world attack scenarios (manual + tool-based).
• Document vulnerabilities with clear PoC, risk impact, CVSS scores, and actionable remediation.
• Stay updated with the latest vulnerabilities, attack vectors, and offensive tooling.
• Collaborate with SecurityBoat’s internal teams for client debriefs, retests, and knowledge sharing.
• Uphold ethical standards and maintain complete confidentiality of client systems and data.

Requirements

Technical Skillset (pick at least 2 core areas)

• Web & API Pentesting (OWASP Top 10, GraphQL, JWT, SSRF, IDOR, etc.)
• Mobile Security Testing (Android/iOS – static/dynamic)
• Network & Infrastructure Pentesting (internal, external, firewall bypass, pivoting)
• Cloud Security (AWS, Azure, GCP misconfigurations, IAM abuse, etc.)
• Red Teaming & Adversary Simulation (MITRE ATT&CK, C2, initial access, privilege escalation)
• Active Directory Pentesting (Kerberoasting, ACL abuse, DCSync, GPO misconfigs, etc.)

Preferred Certifications (Not mandatory, but a plus)

• Offensive Security: OSCP, OSWE, OSEP, OSED
• PortSwigger: Burp Suite Certified Practitioner
• eLearnSecurity: eCPPTv2, eWPTXv2, eMAPT
• Red Team: CRTL, CRTO, CRTP, CRTE
• Others: CEH, GPEN, GWAPT, PNPT

Eligibility Criteria

• Minimum 2+ years of hands-on experience in penetration testing or bug bounty.
• A strong portfolio (CVEs, Hall of Fames, Blogs, or CTF profiles are welcome).
• Availability to work on assigned projects and deliver within given timelines.
• High attention to detail, documentation standards, and ethical conduct.

Benefits

• Paid per project or hour, based on scope and complexity.
• Priority access to high-quality, recurring pentest engagements.
• Exclusive Red Ops Member badge and profile on SecurityBoat PTaaS platform.
• Early access to tools, research, and community-driven bounty opportunities.

Note: This is a freelance contract, not a full-time role. We engage freelance pentesters on a project-by-project basis, with most assignments lasting anywhere between 5 days to 2 weeks. During these short-term engagements, we expect your full availability during standard working hours (8 hours/day) to maintain momentum and meet delivery timelines. At times, you may also be asked to join client calls to clarify findings, discuss technical details, or walk through your report. Clear communication and professionalism in client interactions are key. If you’re a dependable security professional who thrives in focused, time-bound projects and can handle direct client interactions when needed — we’d love to connect with you. Apply To This Job