Synack has expanded its partnership with CREST by adding two certifications to its Synack Red Team Pathways programme, extending a relationship that has been in place for seven years.
The new additions are CREST Certified Tester Infrastructure and CREST Certified Tester Application. They join the CREST Registered Penetration Tester certification, which Synack has recognised since the pathways programme began.
The change gives researchers with those CREST credentials a direct route into the Synack Red Team, a vetted community of security researchers used for client testing engagements. It also gives customers an additional external benchmark for the qualifications of the researchers assigned to their work.
Expanded pathways
Synack has held CREST accreditation for penetration testing since 2019. The accreditation requires annual renewals and full audits every three years covering methodology, data security handling, and technical operations.
By adding the new certifications, Synack is extending CREST recognition from the company level to individual researchers. The infrastructure qualification maps to host and infrastructure assessments, while the application qualification maps to web application testing.
The Synack Red Team remains highly selective, with fewer than 10% of applicants accepted. Researchers must pass background checks, technical assessments, skills validation, and continuing performance reviews before they can work in customer environments.
Regulatory focus
The expanded recognition comes as supplier credential checks carry more weight in regulated markets. Independently verified qualifications are becoming more relevant for organisations working under frameworks such as DORA, NIS2, and TIBER-EU.
CREST is a not-for-profit body that sets standards for technical security testing and runs accreditation and certification schemes for companies and practitioners. Its qualifications are particularly well established in Europe, the Middle East, and Africa, where security teams in regulated sectors often treat CREST status as a baseline procurement requirement.
That regional emphasis matters for Synack because the company operates across multiple markets and uses researchers based around the world. The additional CREST pathways appear intended to make its talent pool easier for buyers to assess, especially those seeking externally validated credentials alongside a provider's own screening processes.
Research access
Ryan Rutan, Senior Director of Community at Synack, said the company sees the additional certifications as a way to add independent verification to its existing vetting model.
"A pentest is only as strong as the researchers running it," said Ryan Rutan, Senior Director of Community, Synack. "Expanding the CREST certifications recognized on SRT Pathways adds a third-party stamp to the rigor our customers already count on from the Synack Red Team. And for CREST-certified researchers, it creates a clear, structured path to put those credentials to work on real engagements."
The pathways programme also has implications for researchers seeking access to paid work through Synack's platform. Holders of recognised CREST certifications receive expedited onboarding consideration and a clearer route to higher earning potential.
One existing Synack Red Team member said the accreditation has practical value in recruitment and client-facing work, especially in markets where the qualification is widely expected.
"CREST has genuinely helped me out in my career, especially when working in the MEA and EU markets where it's basically expected," said Nikhil K. "It makes it easier for recruiters to shortlist the right people since CREST is widely recognised and trusted. It's considered a gold standard in pentesting, so having it adds credibility and makes it easier to get through initial screening and land better opportunities."
Career development
For CREST, the expanded arrangement creates another route for certified testers to join a commercial research community with global reach. The organisation has positioned its standards framework as a way to support both career development and buyer confidence in cybersecurity services.
"Our partnership with Synack gives CREST-certified penetration testers a direct path into one of the most selective research communities in the world," said Michael Keen, Senior Product Manager, Workforce Development at CREST. "That's good for researchers building careers in offensive security, it's good for maintaining high standards to advance testing methodologies, and it's good for the organisations that rely on independently credentialed talent to protect their most critical environments."