About the Company

Sentrabyte Digital Solusi is a remote-first cybersecurity company with over five years of operational experience. We specialize in advanced security assessments, real-world risk validation, and high-impact penetration testing for global clients.
Our work culture is focused, fully distributed, results-driven, and free from unnecessary bureaucracy. We value clarity, professionalism, and strong technical execution.


Role Overview

We are seeking a Cyber Security Specialist (Red Team / Offensive Security) with proven expertise in real-world exploitation and structured penetration testing.
This position is well-suited for professionals who prefer autonomy, enjoy technical depth, and take pride in delivering accurate, high-impact security outcomes.

You will conduct authorized penetration tests, validate vulnerabilities, and contribute to our internal testing frameworks. Clear expectations, consistent workflow, and measurable results are key components of this role.


Key Responsibilities

• Perform advanced penetration testing across applications, networks, and infrastructure.
  
• Validate vulnerabilities and assess real-world impact under authorized conditions.
• Analyze access paths and verify the feasibility and security of system access.
• Produce high-quality technical documentation with reproducible steps and evidence.
• Work closely with internal reviewers to maintain accuracy and technical integrity.
• Maintain consistent weekly output aligned with established quality standards.
• Stay current with modern offensive security tools, attack techniques, and methodologies.

Requirements

• Proven real-world offensive security experience in authorized environments (client engagements, internal Red Team, or enterprise pentests — not limited to labs or CTFs).
• Demonstrated ability to achieve OS-level access (Linux/Windows) through real exploitation paths such as RCE, command injection, insecure deserialization, file upload abuse, or chained vulnerabilities.

• Strong understanding of post-exploitation activities, including:

  • Enumeration after initial access

  • Privilege escalation (Linux/Windows)

  • Credential access and token abuse

  • Lateral movement or internal pivoting (where scope allows)

• Solid knowledge of web, API, and network attack surfaces, with the ability to chain application-layer issues into system-level compromise.
• Hands-on experience using offensive tooling in real engagements (e.g. Burp Suite, Nmap, ffuf, Metasploit, linPEAS/winPEAS, custom scripts).
• Ability to work independently in a results-driven environment, managing exploitation workflows end-to-end.
• Strong written communication skills in English, with the ability to produce clear, reproducible exploitation evidence (commands, payloads, screenshots, logs).

Nice to Have

• Experience in authorized penetration tests, Red Team engagements, or validated bug bounty reports.
• Ability to design repeatable and stable testing workflows.
• Hands-on experience with Linux and Windows systems.
• Relevant certifications (OSCP, OSEP, etc.) are considered an advantage but not mandatory.

Why Work With Us

• Fully remote role with flexible working hours.
• Engineering-focused environment with no corporate politics.
• Opportunity to work on real-world security projects beyond theoretical labs.
• Performance-based bonus opportunities.
• Supportive, collaborative, and technically mature team.

Compensation level is determined by proven exploitation capability, testing consistency, and technical depth.

Salary Range

• Junior / Intermediate: USD 18k – 30k

• Mid-Level: USD 30k – 45k

• Senior / Advanced Red Team: USD 45k – 80k+

Mandatory Requirement (Non-Negotiable)

• Documented, real-world experience obtaining stable OS-level shells (Linux and/or Windows) on production or authorized environments.

• Candidates must be able to clearly explain at least one end-to-end exploitation flow, including:

  • Initial access vector

  • How shell access was achieved

  • Execution context (user / privileges)

  • What actions were performed immediately after gaining the shell

• Candidates without hands-on get-shell and post-exploitation experience will not be considered for this role, regardless of application security or reporting background.

• Applicants may be asked to verbally walk through a real exploitation scenario during the interview.
  
  
  This role is not suitable for candidates focused primarily on application security, secure code review, or vulnerability reporting without hands-on OS-level exploitation experience.