Sora Union is a professional services company specializing in Engineering, Design, and QA projects for businesses, organizations, and governments. The Sora Union team is globally distributed and made up of diverse and talented professionals impacted by or at risk of displacement due to conflict or climate change.
We are looking for a skilled and motivated Penetration QA Engineer to join our growing team. In this role, you will simulate real-world cyberattacks to identify and remediate security vulnerabilities across applications, networks, systems, and cloud environments.
You’ll work closely with security engineers, developers, and IT teams to proactively improve our security posture and protect sensitive data.
Key Responsibilities:
- Plan, execute, and document penetration tests on web apps, APIs, networks, and infrastructure
- Perform vulnerability assessments, threat modeling, and exploit validation
- Create detailed, technical reports and executive summaries with actionable remediation steps
- Collaborate with development and infrastructure teams to fix identified weaknesses
- Conduct red team / blue team exercises as needed
- Stay current with new vulnerabilities, attack techniques, and security tools
- Support compliance and regulatory audits with relevant testing evidence
- Contribute to security awareness and best practice training across teams
Ideally, you’ll have:
- Computer science or math degree with at least 5-7 years in a professional QA role
- 2+ years of experience with Penetration Testing
- Proven experience with penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, Nessus, Kali Linux, etc.)
- Strong knowledge of network protocols, web app security, OWASP Top 10, and vulnerability management
- Proficiency in scripting or programming (e.g., Python, Bash, PowerShell)
- Understanding of Linux and Windows environments
The Penetration QA Engineer role is a short term contract position initially reporting to the QA Manager. This role is a distributed position and can be based in any location.
Sora Union is committed to creating and fostering a diverse team. We encourage people from underrepresented backgrounds and all walks of life to apply. We are committed to providing reasonable accommodations to all applicants throughout the application process.
Top Skills
Similar Jobs
What you need to know about the Colorado Tech Scene
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
