96% readBuilding on seven years of CREST accreditation, Synack deepens its commitment to independently verified security talent by adding two new CREST certifications to the SRT Pathways program
REDWOOD CITY, Calif.—Synack, the Human + AI penetration testing platform, today announced an expansion of its longstanding partnership with CREST , an international not-for-profit organization that sets the standard for technical security testing.
The expansion adds two new CREST certifications to the Synack Red Team (SRT) Pathways program , giving CREST-certified security researchers a direct route to join the SRT and giving enterprise customers additional assurance that the researchers behind their engagements hold independently verified credentials.
Synack has been a CREST Accredited Member Company for Penetration Testing since 2019, a designation that requires annual renewals and triennial full audits of the company’s methodology, data security handling, and technical operations. This expansion deepens that relationship by extending CREST’s independent standard to the individual researcher layer.
The SRT Pathways program now recognizes two additional CREST certifications:
– CREST Certified Tester Infrastructure (CCT INF) — mapping to host and infrastructure assessment
– CREST Certified Tester Application (CCT APP) — mapping to web application testing
They join the CREST Registered Penetration Tester (CRT), which has been recognized in SRT Pathways since the program launched. Researchers who hold any of these credentials receive expedited onboarding consideration and a reliable path for greater earning potential.
The SRT is one of the most selective communities in offensive security. Fewer than 10% of applicants are accepted, with each researcher passing background checks, technical assessments, skills validation, and ongoing performance review before touching a customer environment. CREST certifications sit alongside that as a second, independent benchmark — one that is increasingly meaningful for organizations operating under frameworks such as DORA, NIS2, and TIBER-EU, where vendor credentialing is becoming part of procurement diligence.
As a multinational company with customers and researchers spanning the globe, Synack recognizes that CREST carries particular weight in EMEA markets, where enterprise security teams and regulated organizations increasingly treat independent credentialing as an important procurement signal.
“A pentest is only as strong as the researchers running it,” said Ryan Rutan, Sr. Director of Community at Synack. “Expanding the CREST certifications recognized on SRT Pathways adds independent validation to the rigor our customers already count on from the Synack Red Team. And for CREST-certified researchers, it creates a clear, structured path to put those credentials to work on real engagements.”
“CREST has been valuable in my career, especially when working in the MEA and EU markets where it is widely expected,” said SRT member Nikhil K. “It makes it easier for recruiters and organizations to identify qualified talent because CREST is recognized and trusted. It is considered a gold standard in pentesting, so having it adds credibility and can help open up better opportunities.”
“Our partnership with Synack gives CREST-Certified penetration testers a direct path into one of the most selective research communities in the world,” said Michael Keen, Senior Product Manager – Workforce Development at CREST. “That’s good for researchers building careers in offensive security, it’s good for maintaining high standards to advance testing methodologies, and it’s good for the organisations that rely on independently credentialed talent to protect their most critical environments.”
CREST-certified researchers interested in joining the Synack Red Team can learn more and apply through the Synack Red Team Pathways program .
Enterprise customers looking to understand how CREST accreditation and independently verified researcher credentials strengthen their penetration testing programs can learn more at Synack or contact Synack to discuss their security testing needs.