Conduct network infrastructure, Public Cloud (AWS and GCP), and data-layer offensive pen-testing
- Perform manual source code reviews and audits (manual and SCA/SAST code audits) as needed
- Basic Qualifications
- A pen-test certification such as Offensive Security Certified Professional (OSCP) or CEH, OSWE, OSCE, GPEN, GMOB, GWAPT, GXPN, eWAPT, eMAPT and/or willing to work towards ultimately obtaining one as part of your career path
- 3+ years of relevant engineering or security assessment experience
- Possess a broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks
- Experience with assessing with Cloud-native services, service meshes, and Kubernetes-platform based microservices
- Be able to think both offensively (like a hacker) and defensively (evaluating product security and design)
- Ability to create written work product, detailed technical findings documents, and pen-test reports
- Ability to create and write scripts to automate redundant activities
- Great interpersonal skills, deep technical ability, and a history of successful execution in the assessments industry. If you enjoy discussing anything from procedural linking tables in kernels to remote code execution in JVMs, then we want you on the team
- Experience with Java, Go, Python or Node.js (bonus points for more than one)
- Familiarity with industry-standard threat modeling, risk modeling and vulnerability classification.
- Experience with pre-assessment architectural and API analysis to scope and prepare white-box and grey-box assessments.
- Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle and QA processes.
- Experience with mobile reverse engineering and penetration testing.
- Experience with CLI offensive security tooling.