Penetration Tester

NinjaOne • Full-time • Remote (Brazil) • 1m ago

Why This Job is Featured on The SaaS Jobs

Penetration testing remains a core discipline for SaaS businesses because the product is continuously exposed: web applications, client-side agents, and cloud infrastructure all evolve through frequent releases. This role stands out for its stated visibility across the organisation, suggesting security work that influences both engineering decisions and leadership-level risk conversations—an increasingly common operating model for mature SaaS platforms.

For a long-term SaaS security career, the remit signals breadth that transfers well between vendors: testing production-like cloud environments, validating findings with engineers, and translating technical issues into prioritised remediation. Experience with bug bounty triage and custom tooling also maps closely to how SaaS companies scale security coverage without slowing delivery, combining hands-on exploitation with process and automation.

The position is best suited to practitioners who enjoy pairing deep technical investigation with clear written communication, and who prefer collaborative remediation over “report and move on” assessments. It will fit someone comfortable switching between application, infrastructure, and client-side surfaces, and who is motivated by keeping pace with evolving attacker techniques in a cloud-first product environment.

The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.

Job Description

About the Role

The Penetration Tester is a key member ofNinjaOne’score security team, with visibility across the entire organization,from individual developers to executive leadership. Taking a multi-layered approach to uncovering weaknesses in software, web applications, and client-side components to drive meaningful security improvements. You will directly strengthen the security of theNinjaOneplatform byidentifyingand helping resolve technical, security, and architectural vulnerabilities across our software applications and environments.

English Resume Required.

What You’ll Be Doing

Perform controlled penetration testing ofNinjaOneapplications, cloud environments, and infrastructure,demonstratingexploitability and documenting risks and remediation steps.

Collaborate with Engineering tovalidatevulnerabilities, communicate impact, and support secure design and remediation efforts.

Develop custom tools or scripts to support penetration testing, automation, and exploit development.

Monitor and triage bug bounty submissions, confirming valid findings and routing them to theappropriate teams.

Stay current on emerging threats, TTPs, and cybersecurity trends, applying them to evaluateNinjaOne’sexposure and guide security initiatives.

Create clear, comprehensive reports and presentations for both technical and executive stakeholders.

Promote security awareness across the organization, contributing to policies, best practices, and ongoing security education.

Other duties as needed

About You

2+ years of hands-on penetration testing experience.

4+ years in a cybersecurity-related role.

Strong understanding of security protocols, cryptography, authentication/authorization, and modern attack techniques.

Security certifications such as OSCP (highly desired) and/or Security+, CISSP, CISM are a plus.

Proficiencywith penetration testing tools such as Burp Suite,Caido, and related frameworks.

Ability to develop custom testing tools or scripts (Java, Kotlin, C++, Python, or Go).

Knowledge of security frameworks and methodologies such as OWASP, NIST, or BSIMM, threat modeling like STRIDE or DREAD, and system hardening standards including CIS and CSA.

Solid understanding of Linux and Windows operating systems, enterprise architecture, TCP/IP and UDP networking fundamentals.

Experience testing or exploiting cloud-native applications; understanding cloud security architecture is a plus.

Strong analytical and problem-solving skills with excellent written and verbal communication

About Us 

NinjaOne automates the hardest parts of IT to deliver visibility, security, and control over all endpoints for more than 30,000 customers. The NinjaOne automated endpoint management platform is proven to increase productivity, reduce security risk, and lower costs for IT teams and managed service providers. NinjaOne is obsessed with customer success and provides free and unlimited onboarding, training, and support. NinjaOne is #1 on G2 in endpoint management, patch management, remote monitoring and management, and mobile device management.

What You’ll Love 

Our flexible working hours with home office options enable you to successfully balance your personal life and your job. 
Grow personally and together with one of the fastest growing companies globally.
Develop your skills through our renowned training platform.
Receive competitive compensation. 
Collaborate with an amazing international workforce. 

Additional Information
This position is NOT eligible for Visa sponsorship.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, veteran status, or any other status protected by applicable law. We are committed to providing an inclusive and diverse work environment.

#LI-MM1

#LI-REMOTE

#BI-REMOTE