What is the Cobalt Core?
The Cobalt Core is our exclusive and private community of pentesters. They are the driving force behind our Pentest as a Service platform. The Cobalt Core community consists of over 250 members worldwide and has contributed to securing over 2000 assets since 2013. The Cobalt Core pentests web applications, mobile applications, APIs, internal and external networks, and cloud configurations.
Cobalt’s pentester community is composed of technologists who share a deep passion for learning, collaboration, and making the world more secure. All Cobalt Core pentesters work on a freelance basis. Many hold full-time security jobs and choose to sharpen their pentest skills and enjoy their passion by testing with Cobalt. Other pentesters prefer a freelance lifestyle, and engage on other freelance security platforms in addition to Cobalt.
You can get to know the Core by checking out a few interviews with amazing pentesters such as Dan Beavin, Stefan Nicula, Nikhil Srivastava, and Ozgur Alp. All Cobalt Core pentester profiles can be found here.
The Cobalt Core community is built on a foundation of knowledge sharing and continuous learning. We provide a space where each pentester can level up, whether that be with regards to their technical or professional skills. Interested in sharpening your pentest skills? Want to test different technologies or apply your expertise to different industries? The Cobalt platform offers a pentester playground that gives experienced security professionals a chance to apply themselves in new ways and build upon their previous pentest and professional work.
Cobalt has a diverse customer portfolio ranging from healthcare, advertising, finance, ecommerce, CRM, and more. This gives pentesters the opportunity to work on various tech stacks allowing for a variance that provides opportunities to expand upon your knowledge of various attack vectors and remediation solutions.
We understand that the freelance security platform payout methods can vary; at Cobalt, we pay pentesters for their time and effort, not on individual findings. We have clear expectations for pentesters to put forth their best effort to find the most critical vulnerabilities while taking into consideration the business impact. Our pentesters provide individual peer reviews and our customers provide group feedback at the end of each pentest engagement to ensure that expectations are being met.
With Cobalt, pentesters have the flexibility to choose their schedule. They choose to sign up for engagements that interest them and that they have the time and bandwidth to take on.
Cobalt fully endorses and has focused on creating a career path for those who wish to showcase and or develop their leadership skills. For each pentest engagement, Cobalt assigns a pentester Lead. The Lead is a trusted adviser, who we encourage to mentor new Core members, provide project management experience, and are recognized for their technical expertise. A Core pentester is invited to be a Lead after a period of time and demonstrating the requirements.
How to join and what to expect?
We welcome all who are interested in joining the Cobalt Core to apply here. If an applicant meets the required experience and expertise they will be invited to participate in a skills assessment. The skills assessment is intended to demonstrate their technical skills.
While we seek out highly skilled pentesters for their level of technical expertise, the ability to deliver well-written and detailed vulnerability reports is also taken into consideration when evaluating a Core applicant. Grammar and proof of concept (PoC) are also a part of the overall skills assessment and will be taken into account when reviewing summary of findings.
Should an individual not pass on their first attempt of the technical skills assessment, Cobalt does allow for a second attempt six months or more after the initial assessment. We recognize that a skills assessment is a point in time assessment and encourage applicants to continue to enhance their skills which is why we are happy to reconsider applicants later on.
In addition, during the application process, each interested pentester is invited to meet with a Community Manager to address any questions and ensure that expectations align. Once the technical skills assessment and the community interview are successfully completed candidates will go through a vetting and verification process.
We aim to maintain a community of collaboration, professionalism, and respect with a passion for learning. If you're interested in learning more about becoming a member of the Cobalt Core we welcome you to apply here.