ZipRecruiter

Log In

1

Cloud Pentesting Jobs (NOW HIRING)

CertiK

Sr. Security Engineer (Penetration Testing)

OR · Remote

$100K - $180K/yr

... cloud security reviews * Develop comprehensive pentest reports for both technical and non-technical audiences * Research and develop innovative techniques, tools, and methodologies for pentesting ...

CoStar Group

Senior Penetration Tester

Arlington, VA · On-site

Grow the team's pentesting capabilities in infrastructure and cloud-native domains, including CI/CD pipelines, Active Directory, AWS, and Kubernetes. * Recommend remediations that address root causes ...

CoStar

Senior Penetration Tester

Arlington, VA

Grow the team's pentesting capabilities in infrastructure and cloud-native domains, including CI/CD pipelines, Active Directory, AWS, and Kubernetes. Recommend remediations that address root causes ...

CoStar Group

Senior Penetration Tester

Arlington, VA

Grow the team's pentesting capabilities in infrastructure and cloud-native domains, including CI/CD pipelines, Active Directory, AWS, and Kubernetes. * Recommend remediations that address root causes ...

CertiK

Sr. Security Engineer (Penetration Testing)

$100K - $180K/yr

... cloud security reviews * Develop comprehensive pentest reports for both technical and non-technical audiences * Research and develop innovative techniques, tools, and methodologies for pentesting ...

Horizon3.ai

Staff Product Designer

San Francisco, CA · On-site

... internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by ... With the opportunity to shape the future of autonomous pentesting solutions, your work will have a ...

Pensar

Full Stack Engineer

New York, NY · On-site

Collaborate with security researchers to translate pentesting workflows into intuitive and ... Experience with cloud platforms (AWS, GCP, Azure) and containerization (Docker, Kubernetes) is a ...

Coinflow

Security Engineer

Chicago, IL · On-site

$145K - $195K/yr

Comfortable with web app, API, cloud, and infrastructure pentesting * Production experience operating a SIEM (Datadog, Splunk, Elastic, Panther, or similar) and building dashboards that engineers ...

Pensar

Full Stack Engineer

Manhattan, NY · On-site +1

Collaborate with security researchers to translate pentesting workflows into intuitive and ... Experience with cloud platforms (AWS, GCP, Azure) and containerization (Docker, Kubernetes) is a ...

next page

Showing results 1-20

All JobsCloud Pentesting Jobs

Cloud Pentesting information

See salary details

$10

$64

$92

How much do cloud pentesting jobs pay per hour?

As of Jun 8, 2026, the average hourly pay for cloud pentesting in the United States is $64.53, according to ZipRecruiter salary data. Most workers in this role earn between $56.25 and $76.68 per hour, depending on experience, location, and employer.

What are some common challenges faced by cloud pentesters when assessing cloud-based environments?

Cloud pentesters often face challenges such as navigating complex permission models, understanding diverse cloud service architectures, and dealing with multi-tenant environments that restrict certain testing activities. Unlike traditional networks, cloud environments frequently update, requiring pentesters to stay current with new features and security controls. Collaborating closely with cloud administrators and DevOps teams is essential to ensure testing is comprehensive and aligns with organizational policies, while also respecting provider-imposed limitations.

What is the difference between Cloud Pentesting vs Cloud Security Analyst?

AspectCloud PentestingCloud Security Analyst
CertificationsCEH, OSCP, CISSPCISSP, CCSP, Security+
Work EnvironmentConducts simulated attacks on cloud systemsMonitors, analyzes, and implements security measures
Employer & Industry UsageSecurity firms, cloud providers, consultingOrganizations with cloud infrastructure, IT departments
Search & Comparison IntentUnderstanding penetration testing roles in cloudUnderstanding security analysis roles in cloud

While both roles focus on cloud security, Cloud Pentesting involves actively testing cloud systems for vulnerabilities through simulated attacks. Cloud Security Analysts primarily monitor, analyze, and improve security measures. The roles complement each other but differ in approach: pentesters identify weaknesses, analysts maintain ongoing security posture.

What are the key skills and qualifications needed to thrive as a Cloud Pentester, and why are they important?

To thrive as a Cloud Pentester, you need expertise in cloud security principles, penetration testing methodologies, and familiarity with platforms like AWS, Azure, or Google Cloud, often supported by certifications such as OSCP, CEH, or cloud provider-specific credentials. Proficiency with tools like Burp Suite, Metasploit, and cloud-native security services is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial soft skills for identifying vulnerabilities and explaining findings to stakeholders. These skills and qualities are essential to ensure cloud environments remain secure and compliant with industry standards.

What is cloud pentesting?

Cloud pentesting, or cloud penetration testing, is the process of simulating cyberattacks on cloud-based systems, applications, and infrastructure to identify security vulnerabilities. It involves testing for misconfigurations, insecure interfaces, and other weaknesses specific to cloud environments. The goal is to help organizations secure their cloud resources by uncovering and addressing potential threats before malicious actors can exploit them.
Infographic showing various Cloud Pentesting job openings in the United States as of May 2026, with employment types broken down into 94% Full Time, 2% Part Time, and 4% Contract. Highlights an 1% Physical, and 99% Hybrid job distribution, with an average salary of $134,230 per year, or $64.5 per hour.
Sr. Security Engineer (Penetration Testing)

Sr. Security Engineer (Penetration Testing)

CertiK

OR • Remote

$100K - $180K/yr

Full-time

Posted 25 days ago

Job description

Why Us?
CertiK is a pioneer in blockchain security, leveraging best-in-class AI technology to protect and monitor blockchain protocols and smart contracts. Founded in 2018 by professors from Yale University and Columbia University, CertiK’s mission is to secure the web3 world. CertiK applies cutting-edge innovations from academia to enterprise, enabling mission-critical applications to scale with safety and correctness.

About the Role
The primary responsibility of this role is for CertiK’s security-related services. Intersecting cybersecurity and blockchain, CertiK’s security offerings include security consulting, security reviews, security auditing of smart contracts and blockchains, verification of smart contracts, penetration testing, and more. We are looking to hire someone with a passion for application security and penetration testing. This is a fun and challenging full-time position. If you are excited about hacking, threat modeling, scanning, auditing, designing, and enhancing the security of applications across the board then you will thrive in this role. While you work with clients, we will also provide you with plenty of opportunities to get involved with research and development efforts to help us raise the standards of blockchain security.
Responsibilities
  • Perform security assessments on web, mobile, thick client applications, and browser extensions
  • Conduct external and internal network penetration tests
  • Perform security source code reviews
  • Perform cloud security reviews
  • Develop comprehensive pentest reports for both technical and non-technical audiences
  • Research and develop innovative techniques, tools, and methodologies for pentesting applications in the blockchain space 
  • Contribute to the community by developing tools, presentations, and blog posts
Requirements
  • Passionate about cryptocurrency, DeFi, and blockchain, with a willingness to learn Web3 technologies such as smart contracts
  • Minimum of 4 years of experience in application security and penetration testing
  • Experienced in source code review for different languages, with a strong understanding of JavaScript and TypeScript
  • Experienced in mobile application penetration testing
  • Familiar with cloud platforms and their security risks, such as AWS, Azure, and GCP
  • Experience in programming with scripting languages such as Python and Bash
  • Solid understanding of cryptography
  • BS/MS/PhD in Computer Science or Information Security 
  • Strong spoken and written communication skills
Bonus Points
  • Experienced in pentesting Web3 applications such as crypto exchanges, wallets, Dapps, and key custodian solutions 
  • Experienced in smart contract security audits
  • Familiar with browser extension architecture and security risks
  • Actively participate in the blockchain security community
  • OSCP, OSWE, OSCE, GWAPT, or comparable certification
  • Participated in bug bounty programs and audit contests
  • Published security-related blog posts and spoken at security conferences and/or local meetups
About the Company
One of the fastest-growing and most trusted companies in blockchain security, CertiK is a true market leader. To date, CertiK has worked with over 3,200 Enterprise clients, secured over $310 billion worth of digital assets, and has detected over 60,000 vulnerabilities in blockchain code. Our clients include leading projects such as Aave, Polygon, Binance Smart Chain, Terra, Yearn, and Chiliz.

Investors = Insight Partners, Sequoia, Tiger Global, Coatue Management, Lightspeed, Advent International, SoftBank, Hillhouse Capital, Goldman Sachs, Coinbase Ventures, Binance, Shunwei Capital, IDG Capital, Wing, Legend Star, Danhua Capital and other investors.

Compensation
Target annual base salary for this role performed in the US is $100,000 - $180,000. The exact compensation at which this job is filled will be determined by the skills and experience of qualified candidates.

#LI-Remote
#blockchain
#startups
#hiring


CertiK is proud to offer medical, vision, and dental insurance, 401(k) plan with company matching, life and accidental death and dismemberment insurance, HSA (with high deductible plan), FSA, and other benefits to all full-time employees, along with flexible paid time off and holidays. CertiK also offers a variable commission program for business development sales roles.
 
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.
 
CertiK is proud to be an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of age, race, color, creed, religion, sex, sexual orientation, gender, gender identity or expression, medical condition, national origin, ancestry, citizenship, marital status or civil partnership/union status, physical or mental disability, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state or local law.
 
CertiK will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements.
https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf
 
All CertiK employees are expected to actively support diversity on their teams, and in the Company.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.