Senior Penetration Tester Product Security Expert at Remote, Remote, USA
From: Madhu, STM Consulting Inc [email protected]
Reply to: [email protected]

Senior Penetration Tester Product Security Expert

Duration: 6 months
Location: US Remote
Rate: Open

As a contractor of the Product Security Penetration Testing team, you'll be responsible for finding vulnerabilities before the bad guys do, and raising the security bar across our suite of products. We are looking for a motivated, passionate security researcher who has a broad base of offensive security knowledge. Our ideal contractor wakes up each morning thinking about new ways to abuse and break software. Their goal is to identify relevant security risks and help the business understand them so they can build effective defenses and protect customers and their data.

Responsibilities

- Perform penetration testing engagements against a diverse cloud environment and find vulnerabilities in software, systems, and networks
- Develop tools, methodologies and infrastructure to support penetration testing engagements in a variety of cloud environments and novel platforms
- Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics
- Work with security and engineering teams to communicate findings, recommendations, and knowledge to key stakeholders
- Play a leadership role in building an App Sec program that has a wide scope and impact

Minimum Qualifications

- 12+ years experience pen testing services deployed in public cloud infrastructure
- Solid understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
- Expert understanding of software security architecture and design, threat modeling, code review, and mitigations for common application security issues
- Knowledge of web and security protocols: HTTP, REST, CSP, CORS, OAuth
- Deep familiarity with current offensive security practices, bug bounty programs, CTFs, fuzzing, and other pen test tools and techniques
- Demonstrated ability to collaborate with other teams to achieve complex objectives

Preferred Qualifications

- 12+ years experience working in an information security discipline
- Ability to find and exploit bugs in:
  o C++, Java, JavaScript, Go, and Python
  o Kubernetes, AWS, GCP, or Azure
  o Memory management, namespaces, cgroups, etc.
- Prior experience working in a high growth, cloud native technology company
- Fluency in one or more programming or scripting languages: Java, Python, C++, Go
- Have read and are capable of implementing ideas from Site Reliability Engineering, Building Secure & Reliable Systems, or Engineering Trustworthy Systems
- Contributions to the security community, such as open source tools, research papers, conference talks, etc.

Keywords: cplusplus golang
Wed Oct 04 23:50:00 UTC 2023