Job Description

Penetration Testing Specialist @ Redmond, WA Onsite

Location: Redmond, WA Onsite

Duration: Long Term Contract

Seeking a skilled and detail-oriented Penetration Testing Specialist to conduct a comprehensive security assessment of key features and components, including Screen/Window Sharing , Teams Extensibility Apps , and associated Cloud Services . The ideal candidate will possess hands-on experience in security testing of modern collaboration platforms, with a strong understanding of threat modeling, vulnerability analysis, and exploitation techniques specific to real-time communication environments.

Key Responsibilities:

• Lead and execute independent penetration testing assessments focused on:
• Screen/Window Sharing functionality
• Teams Extensibility Apps and integrations (e.g., bots, tabs, connectors)
• Cloud-based services powering Microsoft Teams features
• Perform black-box , white-box , and gray-box testing as needed to simulate real-world attack scenarios.
• Conduct threat modeling and attack surface analysis for the targeted features.
• Identify and exploit vulnerabilities, misconfigurations, insecure design patterns, and logic flaws.
• Provide clear documentation of findings, including severity, reproduction steps, and recommended remediation strategies.
• Collaborate with Engineering and Security teams to ensure findings are addressed and risks mitigated.
• Stay up-to-date with the latest industry threats and security trends in video conferencing, real-time communication, and cloud-native architectures.

Required Qualifications:

• 5+ years of experience in penetration testing , application security, or red teaming.
• Strong expertise in:
• Web application and API security (especially OAuth, SSO, token flows)
• Cloud service security (preferably Azure)
• Real-time media security protocols (e.g., WebRTC, SRTP)
• Familiarity with Microsoft Teams architecture and extensibility model is a plus.
• Hands-on experience with tools like Burp Suite , Nmap , Wireshark , Metasploit , Nessus , OWASP ZAP , etc.
• Relevant certifications preferred: OSCP , OSWE , GWAPT , CPT , or similar.

Seniority Level: Mid-Senior level

Employment Type: Contract

Job Function: Information Technology, Business Development, and Consulting

Industries: Information Services, Software Development, and International Trade and Development

Job Tags

Similar Jobs