Home 
How Blumble Works 
Search Algorithm 
Your Privacy 
About 
Facebook
Twitter
Blog
https://offensive-security.com
Offensive Security
Most recent job postings at Offensive Security
via Okta
posted_at: 12 days agoschedule_type: Full-time
Get to know Okta
Okta is The World’s Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth. At Okta, we celebrate a variety of perspectives and experiences. We are not looking
Get to know Okta
Okta is The World’s Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth. At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. Join our team! We’re building a world where Identity belongs to you.The Customer Identity team is looking for a Senior Offensive Security Engineer to join the Red Team. The Red Team is responsible for attacking the Okta’s Customer Identity Cloud platform, code, vendors, and infrastructure.
Successful candidates will have a passion for breaking things. Show more details...
Okta is The World’s Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth. At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. Join our team! We’re building a world where Identity belongs to you.The Customer Identity team is looking for a Senior Offensive Security Engineer to join the Red Team. The Red Team is responsible for attacking the Okta’s Customer Identity Cloud platform, code, vendors, and infrastructure.
Successful candidates will have a passion for breaking things. Show more details...
via Glassdoor
posted_at: 10 days agoschedule_type: Full-time
Company Description
McDonald’s new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald’s will... accelerate technology innovation so 65M+ customers a
Company Description
McDonald’s new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald’s will... accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in or takeaway.
Leading this tech revolution is McDonald’s Global Technology organization made up of intrapreneurs who get to build really cool tech with scary smart people using the latest innovations like AI, IOT, and edge computing. We do this working along diverse, global teams who are always hungry for a challenge. It’s bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.
As we have matured as an engineering organization and seen the demands for technology grow exponentially, we’re gearing up to deliver on the next set of opportunities for the business. We are building up an engineering team in house accountable for our strategic products. We’ll have diverse squads made up of engineers with traditional and specialized skillsets, both from internal engineers coupled with our partners, to help us flex with demand and solve technology innovation challenges done at an incredible scale.
Check out the Global Technology Technical Blog to learn how technology is directly enabling the Accelerating the Arches strategy.
Job Description
As a Manager of Offensive Security, you will work in a thriving and robust environment specializing in exploitation assessment and vulnerability and assessment management. You will partner with our Incident Response, Remediation, and Cyber Threat Intelligence teams and leverage current adversarial techniques against the network based on red team and cyber intelligence threat assessments. In this role, you will demonstrate accountability, agility, a dedication to being inclusive, a strong business acumen, and will show courage, even in the most challenging situations. We value strong communication skills, a passion for learning, leadership traits, resilience, and self-awareness.
Global Technology Risk Management (GTRM) is the team that is ultimately responsible for the securing of McDonald's information assets at a global level. This role works directly within GTRM, the organization responsible for our Cybersecurity Operations & Incident Response program and critical services, ensuring our leadership makes informed risk-based decisions.
We are moving fast and are adding to our best-in-class team, and joining McDonald's means thinking big every day and preparing for a career that will impact the world. We are customer-obsessed, committed to being leaders in our industry, and believe we are better when we work together. Over the last several years, we have launched home delivery, radically improved the digital experiences of our restaurants, introduced mobile pay, and have so much more to come. These critical initiatives require an essential capability to identify and close security gaps before a real-world adversary.
Responsibilities
• Identify vulnerabilities and exposure within enterprise networks, systems, and applications.
• Lead or enable exploitation operations in support of organizational objectives and target requirements.
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
• Provide technical documents, incident reports, findings from the analysis, summaries, and other situational awareness information to relevant stakeholders.
• Conduct or support authorized penetration testing on enterprise assets.
• Review the security status of a system (including the effectiveness of security controls) on an ongoing basis and provide recommendations on risk remediation.
• Create and conduct custom tabletop exercises.
• Partner with other teams within GTRM to create new alerts and identify gaps in alerting.
• Analyze Threat Trends to identify indicators of compromise (IOCs).
• Develop scenarios by performing threat hunts and ethical hack tests.
• Perform analysis for target infrastructure exploitation activities.
• Conduct exploitation of wireless computer and digital networks.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information.
Qualifications
Minimum Requirements
• Bachelor's degree or equivalent experience in Computer Engineering, Computer Science, Cyber Security, or other related fields.
• 3+ years experience in Computer Engineering, Computer Science, Cyber Security, or other related fields.
Desired Skills:
• Professional certification such as GCDA or GCPN or OSCP or GXPN or CEH
• Familiarity with complex multinational companies and distributed business models
• Familiarity with exploitation and vulnerability analysis
• Familiarity with threat hunting and red team best practices
• Proficient in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
Additional Information
McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com
McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment Show more details...
McDonald’s new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald’s will... accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in or takeaway.
Leading this tech revolution is McDonald’s Global Technology organization made up of intrapreneurs who get to build really cool tech with scary smart people using the latest innovations like AI, IOT, and edge computing. We do this working along diverse, global teams who are always hungry for a challenge. It’s bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.
As we have matured as an engineering organization and seen the demands for technology grow exponentially, we’re gearing up to deliver on the next set of opportunities for the business. We are building up an engineering team in house accountable for our strategic products. We’ll have diverse squads made up of engineers with traditional and specialized skillsets, both from internal engineers coupled with our partners, to help us flex with demand and solve technology innovation challenges done at an incredible scale.
Check out the Global Technology Technical Blog to learn how technology is directly enabling the Accelerating the Arches strategy.
Job Description
As a Manager of Offensive Security, you will work in a thriving and robust environment specializing in exploitation assessment and vulnerability and assessment management. You will partner with our Incident Response, Remediation, and Cyber Threat Intelligence teams and leverage current adversarial techniques against the network based on red team and cyber intelligence threat assessments. In this role, you will demonstrate accountability, agility, a dedication to being inclusive, a strong business acumen, and will show courage, even in the most challenging situations. We value strong communication skills, a passion for learning, leadership traits, resilience, and self-awareness.
Global Technology Risk Management (GTRM) is the team that is ultimately responsible for the securing of McDonald's information assets at a global level. This role works directly within GTRM, the organization responsible for our Cybersecurity Operations & Incident Response program and critical services, ensuring our leadership makes informed risk-based decisions.
We are moving fast and are adding to our best-in-class team, and joining McDonald's means thinking big every day and preparing for a career that will impact the world. We are customer-obsessed, committed to being leaders in our industry, and believe we are better when we work together. Over the last several years, we have launched home delivery, radically improved the digital experiences of our restaurants, introduced mobile pay, and have so much more to come. These critical initiatives require an essential capability to identify and close security gaps before a real-world adversary.
Responsibilities
• Identify vulnerabilities and exposure within enterprise networks, systems, and applications.
• Lead or enable exploitation operations in support of organizational objectives and target requirements.
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
• Provide technical documents, incident reports, findings from the analysis, summaries, and other situational awareness information to relevant stakeholders.
• Conduct or support authorized penetration testing on enterprise assets.
• Review the security status of a system (including the effectiveness of security controls) on an ongoing basis and provide recommendations on risk remediation.
• Create and conduct custom tabletop exercises.
• Partner with other teams within GTRM to create new alerts and identify gaps in alerting.
• Analyze Threat Trends to identify indicators of compromise (IOCs).
• Develop scenarios by performing threat hunts and ethical hack tests.
• Perform analysis for target infrastructure exploitation activities.
• Conduct exploitation of wireless computer and digital networks.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information.
Qualifications
Minimum Requirements
• Bachelor's degree or equivalent experience in Computer Engineering, Computer Science, Cyber Security, or other related fields.
• 3+ years experience in Computer Engineering, Computer Science, Cyber Security, or other related fields.
Desired Skills:
• Professional certification such as GCDA or GCPN or OSCP or GXPN or CEH
• Familiarity with complex multinational companies and distributed business models
• Familiarity with exploitation and vulnerability analysis
• Familiarity with threat hunting and red team best practices
• Proficient in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
Additional Information
McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com
McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment Show more details...
via LinkedIn
posted_at: 2 days agoschedule_type: Full-timesalary: 119K–210K a year
Responsibilities
About TikTok...
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul and Tokyo.
Why Join Us
At TikTok, our people are humble, intelligent, compassionate and creative. We create to inspire - for you, for us, and for more than 1 billion users on our
Responsibilities
About TikTok...
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul and Tokyo.
Why Join Us
At TikTok, our people are humble, intelligent, compassionate and creative. We create to inspire - for you, for us, and for more than 1 billion users on our platform. We lead with curiosity and aim for the highest, never shying away from taking calculated risks and embracing ambiguity as it comes. Here, the opportunities are limitless for those who dare to pursue bold ideas that exist just beyond the boundary of possibility. Join us and make impact happen with a career at TikTok.
About USDS
At TikTok, we're committed to a process of continuous innovation and improvement in our user experience and safety controls. We're proud to be able to serve a global community of more than a billion people who use TikTok to creatively express themselves and be entertained, and we're dedicated to giving them a platform that builds opportunity and fosters connection. We also take our responsibility to safeguard our community seriously, both in how we address potentially harmful content and how we protect against unauthorized access to user data.
U.S. Data Security (“USDS”) is a standalone department of TikTok in the U.S. This new security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and user data in the U.S., so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.
Responsibilities
- Research underground industry chains and technology, risk control, innovative technologies on defense and attacking
- Conduct various types of effective redteam practices from the external perspective of underground industries
- Following the latest security dynamism globally, responding and technical analyzing with security events timely.
Qualifications
- Familiarity with underground industry chains, attacking technical mechanisms and details with independent capability to analyze risk impact on business.
- Familiarity with reverse engineering on Android or iOS platform, or knowledge about the technical means of data scraping, cheating etc.
- Familiarity with basic strategies and mechanisms of risk control with capability for defense and attacking.
- Practical experience of programming, deep understanding of Android or iOS systems and proficient in (at least one): Java, Objective-C, Swift, C/C++. With solid programming skills and good coding habits;
- Ability to think critically, objectively, rationally. Reason and communicate in result-oriented, data-driven manner. High autonomy;
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
TikTok is committed to providing reasonable accommodations during our recruitment process. If you need assistance or an accommodation, please reach out to us at usrc@tiktok.com.
Job Information:
【For Pay Transparency】Compensation Description (annually)
The base salary range for this position in the selected city is $119000 - $210000 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
At ByteDance/TikTok our benefits are designed to convey company culture and values, to create an efficient and inspiring work environment, and to support ByteDancers to give their best in both work and life. We offer the following benefits to eligible employees:
We cover 100% premium coverage for employee medical insurance, approximately 75% premium coverage for dependents and offer a Health Savings Account(HSA) with a company match. As well as Dental, Vision, Short/Long term Disability, Basic Life, Voluntary Life and AD&D insurance plans. In addition to Flexible Spending Account(FSA) Options like Health Care, Limited Purpose and Dependent Care.
Our time off and leave plans are: 10 paid holidays per year plus 17 days of Paid Personal Time Off(PPTO) (prorated upon hire and increased by tenure) and 10 paid sick days per year as well as 12 weeks of paid Parental leave and 8 weeks of paid Supplemental Disability.
We also provide generous benefits like mental and emotional health benefits through our EAP and Lyra. A 401K company match, gym and cellphone service reimbursements. The Company reserves the right to modify or change these benefits programs at any time, with or without notice Show more details...
About TikTok...
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul and Tokyo.
Why Join Us
At TikTok, our people are humble, intelligent, compassionate and creative. We create to inspire - for you, for us, and for more than 1 billion users on our platform. We lead with curiosity and aim for the highest, never shying away from taking calculated risks and embracing ambiguity as it comes. Here, the opportunities are limitless for those who dare to pursue bold ideas that exist just beyond the boundary of possibility. Join us and make impact happen with a career at TikTok.
About USDS
At TikTok, we're committed to a process of continuous innovation and improvement in our user experience and safety controls. We're proud to be able to serve a global community of more than a billion people who use TikTok to creatively express themselves and be entertained, and we're dedicated to giving them a platform that builds opportunity and fosters connection. We also take our responsibility to safeguard our community seriously, both in how we address potentially harmful content and how we protect against unauthorized access to user data.
U.S. Data Security (“USDS”) is a standalone department of TikTok in the U.S. This new security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and user data in the U.S., so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.
Responsibilities
- Research underground industry chains and technology, risk control, innovative technologies on defense and attacking
- Conduct various types of effective redteam practices from the external perspective of underground industries
- Following the latest security dynamism globally, responding and technical analyzing with security events timely.
Qualifications
- Familiarity with underground industry chains, attacking technical mechanisms and details with independent capability to analyze risk impact on business.
- Familiarity with reverse engineering on Android or iOS platform, or knowledge about the technical means of data scraping, cheating etc.
- Familiarity with basic strategies and mechanisms of risk control with capability for defense and attacking.
- Practical experience of programming, deep understanding of Android or iOS systems and proficient in (at least one): Java, Objective-C, Swift, C/C++. With solid programming skills and good coding habits;
- Ability to think critically, objectively, rationally. Reason and communicate in result-oriented, data-driven manner. High autonomy;
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
TikTok is committed to providing reasonable accommodations during our recruitment process. If you need assistance or an accommodation, please reach out to us at usrc@tiktok.com.
Job Information:
【For Pay Transparency】Compensation Description (annually)
The base salary range for this position in the selected city is $119000 - $210000 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
At ByteDance/TikTok our benefits are designed to convey company culture and values, to create an efficient and inspiring work environment, and to support ByteDancers to give their best in both work and life. We offer the following benefits to eligible employees:
We cover 100% premium coverage for employee medical insurance, approximately 75% premium coverage for dependents and offer a Health Savings Account(HSA) with a company match. As well as Dental, Vision, Short/Long term Disability, Basic Life, Voluntary Life and AD&D insurance plans. In addition to Flexible Spending Account(FSA) Options like Health Care, Limited Purpose and Dependent Care.
Our time off and leave plans are: 10 paid holidays per year plus 17 days of Paid Personal Time Off(PPTO) (prorated upon hire and increased by tenure) and 10 paid sick days per year as well as 12 weeks of paid Parental leave and 8 weeks of paid Supplemental Disability.
We also provide generous benefits like mental and emotional health benefits through our EAP and Lyra. A 401K company match, gym and cellphone service reimbursements. The Company reserves the right to modify or change these benefits programs at any time, with or without notice Show more details...
via Kansas City, MO - Geebo
posted_at: 3 days agoschedule_type: Full-timesalary: 20–28 an hour
All Covered, IT Services Division of Konica Minolta Business Solutions (KMBS), is the leading national IT services company serving SMB to enterprise markets. Offering a wide variety of career opportunities, All Covered is an excellent choice for motivated IT professionals interested in a stimulating and progressive work environment.
With over 1,000 employees across the U.S. and Canada, All... Covered has a highly skilled team of professionals focusing
All Covered, IT Services Division of Konica Minolta Business Solutions (KMBS), is the leading national IT services company serving SMB to enterprise markets. Offering a wide variety of career opportunities, All Covered is an excellent choice for motivated IT professionals interested in a stimulating and progressive work environment.
With over 1,000 employees across the U.S. and Canada, All... Covered has a highly skilled team of professionals focusing on superior quality service delivery to our customers. We offer hands-on technical training on the most relevant technologies in the industry and career path advancement in all levels of the company.
Please join us in our exciting growth and pursue a rewarding career with All Covered!
Position Objective
Offensive Security Consultant candidates are motivated offensive security professionals, often with 2-5 years of pen testing experience not counting previous IT experience. The primary role of an Offensive Security Consultant is to perform External Network Penetration Tests as well as Application Penetration Tests against web applications, mobile applications, and web services.Security Consultants are expected to execute the appropriate testing methodology, identify risk at a level commensurate with the company bar, perform punctually, clearly document findings for multiple audiences, and demonstrate outstanding customer service skills.
Essential Job Functions
Deliver Application Penetration Tests against web apps, mobile apps, web services, and fat-clients
Security Consultants who have proven adept at application penetration testing will perform small to medium-sized Network Penetration Tests.
Communicate with customers in a friendly manner, quickly and clearly, and with great accuracy during:
o Kickoff and scoping calls
o Assessment status updates and ongoing project communication
o Report delivery
o Wrap-up meetings
o Non-Billable events such as lunches, conferences, and meetups
Work towards professional-level certs such as the OSCP if they have not already been achieved
Assist in enhancing various company methodologies and other documentation
Work with project management to enhance the company s overall efficiency
Assist peers in identifying/exploiting issues during assessments
Demonstrate excellent writing skills both during email correspondence and report creation
Prioritize findings based on perceived risk, using existing knowledge of clients business to ascertain finding severity
Lead by example in behavior, work ethic, and punctuality
Interpret and obey any applicable customer testing restrictions based on scope and kickoff calls
Utilize non-billable time to work on company-directed internal projects
Develop and own an area of expertise e.g. web services, SQL injection killer, mobile apps, Powershell, reporting god, Java, XXE skills, etc.
Contribute to company methodology and vulnerability repositories
Competencies (Knowledge, Skills and Abilities)
Applicants with public disclosure track record will be preferred
Excellent communication skills in written, verbal, and in-person formats
High-level knowledge of common platforms and their vulnerabilities
BurpSuite expert
o Ability to configure working login macros
o Use Repeater and Intruder to manually find flaws.
o Use Scanner in an appropriate manner to automatically find flaws.
o Quickly eliminate false positive based on intuition and response content
Kali Linux
Github
Research
o Search for flaws in fingerprinted services/components
o Find exploits in vulnerable fingerprinted services/components
o Use existing research to craft proof of concepts for assessments
Ability to alter existing exploits so they apply to different assessment targets
Experience, Educational Reqts and Certifications
2
years full-time penetration testing experience
Full familiarity with OWASP top 10, SANS top 25
Applicants with common industry certifications such as OSCP, OSCE, SANS, CREST, and etc. will be preferred.
Konica Minolta Offers:
• Outstanding benefits package (including medical, dental, vision, life insurance)
• 401(k) plan with matching company contribution
• Generous holiday and paid time off schedules
• Ongoing professional development training
• Visible, exciting work supporting sales of cutting edge technology and workflow solutions.
Konica Minolta is an equal opportunity and affirmative action employer. We consider all qualified applicants for employment without regard to race, color, religion, creed, national origin, sex, pregnancy, age, sexual orientation, transgender status, gender identity, disability, alienage or citizenship status, marital status or partnership status, genetic information, veteran status or any other characteristic protected under applicable law.
Estimated Salary: $20 to $28 per hour based on qualifications Show more details...
With over 1,000 employees across the U.S. and Canada, All... Covered has a highly skilled team of professionals focusing on superior quality service delivery to our customers. We offer hands-on technical training on the most relevant technologies in the industry and career path advancement in all levels of the company.
Please join us in our exciting growth and pursue a rewarding career with All Covered!
Position Objective
Offensive Security Consultant candidates are motivated offensive security professionals, often with 2-5 years of pen testing experience not counting previous IT experience. The primary role of an Offensive Security Consultant is to perform External Network Penetration Tests as well as Application Penetration Tests against web applications, mobile applications, and web services.Security Consultants are expected to execute the appropriate testing methodology, identify risk at a level commensurate with the company bar, perform punctually, clearly document findings for multiple audiences, and demonstrate outstanding customer service skills.
Essential Job Functions
Deliver Application Penetration Tests against web apps, mobile apps, web services, and fat-clients
Security Consultants who have proven adept at application penetration testing will perform small to medium-sized Network Penetration Tests.
Communicate with customers in a friendly manner, quickly and clearly, and with great accuracy during:
o Kickoff and scoping calls
o Assessment status updates and ongoing project communication
o Report delivery
o Wrap-up meetings
o Non-Billable events such as lunches, conferences, and meetups
Work towards professional-level certs such as the OSCP if they have not already been achieved
Assist in enhancing various company methodologies and other documentation
Work with project management to enhance the company s overall efficiency
Assist peers in identifying/exploiting issues during assessments
Demonstrate excellent writing skills both during email correspondence and report creation
Prioritize findings based on perceived risk, using existing knowledge of clients business to ascertain finding severity
Lead by example in behavior, work ethic, and punctuality
Interpret and obey any applicable customer testing restrictions based on scope and kickoff calls
Utilize non-billable time to work on company-directed internal projects
Develop and own an area of expertise e.g. web services, SQL injection killer, mobile apps, Powershell, reporting god, Java, XXE skills, etc.
Contribute to company methodology and vulnerability repositories
Competencies (Knowledge, Skills and Abilities)
Applicants with public disclosure track record will be preferred
Excellent communication skills in written, verbal, and in-person formats
High-level knowledge of common platforms and their vulnerabilities
BurpSuite expert
o Ability to configure working login macros
o Use Repeater and Intruder to manually find flaws.
o Use Scanner in an appropriate manner to automatically find flaws.
o Quickly eliminate false positive based on intuition and response content
Kali Linux
Github
Research
o Search for flaws in fingerprinted services/components
o Find exploits in vulnerable fingerprinted services/components
o Use existing research to craft proof of concepts for assessments
Ability to alter existing exploits so they apply to different assessment targets
Experience, Educational Reqts and Certifications
2
years full-time penetration testing experience
Full familiarity with OWASP top 10, SANS top 25
Applicants with common industry certifications such as OSCP, OSCE, SANS, CREST, and etc. will be preferred.
Konica Minolta Offers:
• Outstanding benefits package (including medical, dental, vision, life insurance)
• 401(k) plan with matching company contribution
• Generous holiday and paid time off schedules
• Ongoing professional development training
• Visible, exciting work supporting sales of cutting edge technology and workflow solutions.
Konica Minolta is an equal opportunity and affirmative action employer. We consider all qualified applicants for employment without regard to race, color, religion, creed, national origin, sex, pregnancy, age, sexual orientation, transgender status, gender identity, disability, alienage or citizenship status, marital status or partnership status, genetic information, veteran status or any other characteristic protected under applicable law.
Estimated Salary: $20 to $28 per hour based on qualifications Show more details...
via LinkedIn
posted_at: 5 days agoschedule_type: Full-timework_from_home: 1
Description
Amazon’s Information Security Penetration Testing Team is seeking a Senior Security Engineer to help keep Amazon secure for its customers. In this role, you will attack Amazon’s services, applications, and websites to discover security issues and report them to our internal technology teams. This position will provide you with challenging opportunities, both technologically and as a... leader, but will also be a great deal of fun
Description
Amazon’s Information Security Penetration Testing Team is seeking a Senior Security Engineer to help keep Amazon secure for its customers. In this role, you will attack Amazon’s services, applications, and websites to discover security issues and report them to our internal technology teams. This position will provide you with challenging opportunities, both technologically and as a... leader, but will also be a great deal of fun if hacking Amazon alongside a team of highly skilled individuals sounds exciting to you.
A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Amazon. You will be in direct contact with teams in a variety of business verticals, giving you first hand knowledge about how Amazon is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Amazon to find new ways to break services, processes, and technologies throughout the company.
Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. You will demonstrate resilience and navigate ambiguous situations with composure and tact. You will be expected to provide thought leadership for the organization as you discover, invent, and innovate throughout the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.
Key job responsibilities
• Leading high quality application penetration tests independently, or as part of a team
• Creating detailed engagement plans and thoroughly documenting findings, gaps, and remediation recommendations
• Developing and implementing improvements to team tooling, innovation, and processes
• Influencing team strategy, direction, and priorities
• Advancing strategic initiatives by influencing leadership, key stakeholders, and partnering with teams throughout Amazon
• Leading effective teamwork, communication, collaboration and commitment across multiple disparate groups with competing priorities
• Communicating and collaborating with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings
Basic Qualifications
• 5+ years of experience in a penetration testing or similar offensive security role
• 5+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines
• 5+ years of experience with dynamic and manual code auditing to identify security issues
• 5+ years of experience with interpreted or compiled languages (e.g. Python, Ruby, C/C++, Java, .NET)
• Experience with threat modeling, design review, or other threat analysis techniques
• Bachelor’s degree in Computer Science or related field, or equivalent industry experience
Preferred Qualifications
• Experience with mobile application penetration testing
• Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services
• Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
• Experience in developing security tooling and automation
• Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
• Advanced degree in Computer Science or related field
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.
Company - Amazon.com Services LLC
Job ID: A2376105 Show more details...
Amazon’s Information Security Penetration Testing Team is seeking a Senior Security Engineer to help keep Amazon secure for its customers. In this role, you will attack Amazon’s services, applications, and websites to discover security issues and report them to our internal technology teams. This position will provide you with challenging opportunities, both technologically and as a... leader, but will also be a great deal of fun if hacking Amazon alongside a team of highly skilled individuals sounds exciting to you.
A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Amazon. You will be in direct contact with teams in a variety of business verticals, giving you first hand knowledge about how Amazon is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Amazon to find new ways to break services, processes, and technologies throughout the company.
Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. You will demonstrate resilience and navigate ambiguous situations with composure and tact. You will be expected to provide thought leadership for the organization as you discover, invent, and innovate throughout the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.
Key job responsibilities
• Leading high quality application penetration tests independently, or as part of a team
• Creating detailed engagement plans and thoroughly documenting findings, gaps, and remediation recommendations
• Developing and implementing improvements to team tooling, innovation, and processes
• Influencing team strategy, direction, and priorities
• Advancing strategic initiatives by influencing leadership, key stakeholders, and partnering with teams throughout Amazon
• Leading effective teamwork, communication, collaboration and commitment across multiple disparate groups with competing priorities
• Communicating and collaborating with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings
Basic Qualifications
• 5+ years of experience in a penetration testing or similar offensive security role
• 5+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines
• 5+ years of experience with dynamic and manual code auditing to identify security issues
• 5+ years of experience with interpreted or compiled languages (e.g. Python, Ruby, C/C++, Java, .NET)
• Experience with threat modeling, design review, or other threat analysis techniques
• Bachelor’s degree in Computer Science or related field, or equivalent industry experience
Preferred Qualifications
• Experience with mobile application penetration testing
• Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services
• Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
• Experience in developing security tooling and automation
• Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
• Advanced degree in Computer Science or related field
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.
Company - Amazon.com Services LLC
Job ID: A2376105 Show more details...
via Glassdoor
posted_at: 14 days agoschedule_type: Full-timesalary: 150K–240K a yearwork_from_home: 1
Lead Offensive Security Engineer (Red/Purple Team) (REMOTE - Palo Alto, CA)
About Skyflow...
We are Skyflow, a Silicon Valley startup that has built the world's first data privacy vault delivered as an API. Our mission is to transform how businesses handle and protect their users' financial, healthcare, and personal information — the data that powers our digital economy. Inspired by the zero trust data vaults that Apple and Netflix built to handle
Lead Offensive Security Engineer (Red/Purple Team) (REMOTE - Palo Alto, CA)
About Skyflow...
We are Skyflow, a Silicon Valley startup that has built the world's first data privacy vault delivered as an API. Our mission is to transform how businesses handle and protect their users' financial, healthcare, and personal information — the data that powers our digital economy. Inspired by the zero trust data vaults that Apple and Netflix built to handle customer data, we've built a cloud-based vault that is available through a simple and elegant API. With Skyflow, developers can easily build best-of-breed data privacy, security and compliance directly into their applications, the same way they use Stripe, Twilio, or Okta.
Skyflow is based in Palo Alto California, with offices in Bangalore, India, and team members working from locations all around the world. We have former Executives and Leaders from the likes of Salesforce, Google, Twilio, and Oracle. Come join us!
About the role:
As the Lead Offensive Security Engineer, you will collaborate and lead the area with the responsibility of validating the security posture of Skyflow's Infrastructure, and Application and Security controls. The team enhances existing service offerings & security testing capabilities and conducts hands-on technical testing, focused on identification of complex vulnerabilities in all infrastructure and products. The candidate must also have the ability to communicate well, motivate and lead cross-functionally as well as be an independent individual contributor, and participate in coordinating response and defensive actions over a variety of security disciplines, and finally, disseminate technical information as appropriate in support of Skyflow's critical business, go to market, and operational infrastructure needs.
We know great Offensive Security Engineers come from diverse backgrounds so no single individual may have all the desired skills on day one. But if you are the kind of software engineer who would have loved to engineer security solutions for enterprise platform offerings - we want to talk to you.
Qualifications:
• 7+ years of conducting Offensive Security Testing (i.e. Red Teaming, Purple Teaming, Threat Intelligence, Penetration Testing, and Product Testing)
• 3+ years in leadership role
• Experience designing a program and creating Standard Operating Procedures, Rules of Engagement, Testing Methodologies
• Experience conducting advanced penetration testing exercises (Network, Web Application, Mobile and Cloud)
• Experience reporting findings and developing pragmatic recommendations with the product ecosystem in mind
• Experience emulating advanced adversarial Tactics, Threats, and Procedures (TTPs)
• Experience with offensive tools and platforms such as Kali Linux, Cobalt Strike, Metasploit, Covenant, Sliver, Bloodhound, Ghostpack, Nmap, Nessus, Zmap, Massscan, EyeWitness, Burp Suite
• Experience with infrastructure automation, server administration, TCP/IP networking, vulnerability identification and exploitation, vulnerability exploit code development, offensive security operation coordination and communication, vulnerability tracking and remediation, cross functional collaborations
• Effective communicator with experience working in a fast-paced dynamic environment, where prioritization is key to success
• Any of the following industry certifications are nice to have: OSCP, CRTO, OSEP, OSED, OSMR, OSEE, OSWE, OSWP, GPEN, GCIH, GWAPT, GDAT or GXPN
Responsibilities:
• Systematically analyze each component of an application with the intent of locating programming flaws that could be leveraged to compromise the software through source code review or reverse engineering
• Leverage war gaming to simulate security incidents, observe response across monitoring and incidents, and identify enhancement opportunities
• Develop after action reports to help justify this investment and use the results to hone strategies for the overall organization
• Make contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, blogs, publications, speaking at conferences, etc.
• Execute Red Team engagements in a variety of networks using real-world adversarial Tactics, Techniques, and Procedures (TTPs) from conception to report delivery
• Conduct open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, lateral movement, install persistence in a target network(s), and manage C2 infrastructure
• Develop payloads, scripts and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement
• Document identified vulnerabilities and research corrective/remediation actions in order to recommend a risk mitigation technique(s)
• Maintain knowledge of applicable Red Team policies, Standing Ground Rules, regulations, and compliance documents
• Communicate effectively with team members and during an engagement
• Keep current with TTPs and the latest offensive security techniques
Benefits:
• Work from home expense (U.S., Canada, and Australia)
• Excellent Health, Dental, and Vision Insurance Options (Varies by Country)
• Vanguard 401k
• Very generous PTO
• Flexible Hours
• Generous Equity
At Skyflow, we believe that diverse teams are the strongest teams. We invite applicants of all genders, races, ethnicities, nationalities, ages, religions, sexual orientations, disability statuses, educational experiences, family situations, and socio-economic backgrounds.
Pay:
A base salary range of $150,000 - $240,000 can be expected for this role in the San Francisco/Bay Area. You could also be entitled to receive an additional incentive bonus or variable pay, equity, and benefits.
Skyflow operates from a place of high trust and transparency; we are happy to disclose the pay range for our open roles that best align with your needs. Exact compensation may vary based on skills, experience, education, and location Show more details...
About Skyflow...
We are Skyflow, a Silicon Valley startup that has built the world's first data privacy vault delivered as an API. Our mission is to transform how businesses handle and protect their users' financial, healthcare, and personal information — the data that powers our digital economy. Inspired by the zero trust data vaults that Apple and Netflix built to handle customer data, we've built a cloud-based vault that is available through a simple and elegant API. With Skyflow, developers can easily build best-of-breed data privacy, security and compliance directly into their applications, the same way they use Stripe, Twilio, or Okta.
Skyflow is based in Palo Alto California, with offices in Bangalore, India, and team members working from locations all around the world. We have former Executives and Leaders from the likes of Salesforce, Google, Twilio, and Oracle. Come join us!
About the role:
As the Lead Offensive Security Engineer, you will collaborate and lead the area with the responsibility of validating the security posture of Skyflow's Infrastructure, and Application and Security controls. The team enhances existing service offerings & security testing capabilities and conducts hands-on technical testing, focused on identification of complex vulnerabilities in all infrastructure and products. The candidate must also have the ability to communicate well, motivate and lead cross-functionally as well as be an independent individual contributor, and participate in coordinating response and defensive actions over a variety of security disciplines, and finally, disseminate technical information as appropriate in support of Skyflow's critical business, go to market, and operational infrastructure needs.
We know great Offensive Security Engineers come from diverse backgrounds so no single individual may have all the desired skills on day one. But if you are the kind of software engineer who would have loved to engineer security solutions for enterprise platform offerings - we want to talk to you.
Qualifications:
• 7+ years of conducting Offensive Security Testing (i.e. Red Teaming, Purple Teaming, Threat Intelligence, Penetration Testing, and Product Testing)
• 3+ years in leadership role
• Experience designing a program and creating Standard Operating Procedures, Rules of Engagement, Testing Methodologies
• Experience conducting advanced penetration testing exercises (Network, Web Application, Mobile and Cloud)
• Experience reporting findings and developing pragmatic recommendations with the product ecosystem in mind
• Experience emulating advanced adversarial Tactics, Threats, and Procedures (TTPs)
• Experience with offensive tools and platforms such as Kali Linux, Cobalt Strike, Metasploit, Covenant, Sliver, Bloodhound, Ghostpack, Nmap, Nessus, Zmap, Massscan, EyeWitness, Burp Suite
• Experience with infrastructure automation, server administration, TCP/IP networking, vulnerability identification and exploitation, vulnerability exploit code development, offensive security operation coordination and communication, vulnerability tracking and remediation, cross functional collaborations
• Effective communicator with experience working in a fast-paced dynamic environment, where prioritization is key to success
• Any of the following industry certifications are nice to have: OSCP, CRTO, OSEP, OSED, OSMR, OSEE, OSWE, OSWP, GPEN, GCIH, GWAPT, GDAT or GXPN
Responsibilities:
• Systematically analyze each component of an application with the intent of locating programming flaws that could be leveraged to compromise the software through source code review or reverse engineering
• Leverage war gaming to simulate security incidents, observe response across monitoring and incidents, and identify enhancement opportunities
• Develop after action reports to help justify this investment and use the results to hone strategies for the overall organization
• Make contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, blogs, publications, speaking at conferences, etc.
• Execute Red Team engagements in a variety of networks using real-world adversarial Tactics, Techniques, and Procedures (TTPs) from conception to report delivery
• Conduct open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, lateral movement, install persistence in a target network(s), and manage C2 infrastructure
• Develop payloads, scripts and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement
• Document identified vulnerabilities and research corrective/remediation actions in order to recommend a risk mitigation technique(s)
• Maintain knowledge of applicable Red Team policies, Standing Ground Rules, regulations, and compliance documents
• Communicate effectively with team members and during an engagement
• Keep current with TTPs and the latest offensive security techniques
Benefits:
• Work from home expense (U.S., Canada, and Australia)
• Excellent Health, Dental, and Vision Insurance Options (Varies by Country)
• Vanguard 401k
• Very generous PTO
• Flexible Hours
• Generous Equity
At Skyflow, we believe that diverse teams are the strongest teams. We invite applicants of all genders, races, ethnicities, nationalities, ages, religions, sexual orientations, disability statuses, educational experiences, family situations, and socio-economic backgrounds.
Pay:
A base salary range of $150,000 - $240,000 can be expected for this role in the San Francisco/Bay Area. You could also be entitled to receive an additional incentive bonus or variable pay, equity, and benefits.
Skyflow operates from a place of high trust and transparency; we are happy to disclose the pay range for our open roles that best align with your needs. Exact compensation may vary based on skills, experience, education, and location Show more details...
via Glassdoor
posted_at: 2 days agoschedule_type: Full-time
Overview
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 1,800 employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers... and scientists work in a collaborative environment
Overview
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 1,800 employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers... and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.
Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.
Equal Employment Opportunity
Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.
Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.
Responsibilities
Draper is actively seeking candidates to support current and future offensive cybersecurity projects across a variety of domains supporting the United States of America's national interest and advancing cutting edge research in the fields of Reverse Engineering and Vulnerability Research. Due to the nature of delivering mission-critical capabilities and developing novel applications, the ideal candidate should utilize an interdisciplinary approach to problems and leverage knowledge in other domains and fields. The position has the opportunity to contribute to numerous development efforts encompassing: reverse engineering, exploit development, red teaming, offensive cyber security projects, fuzzing, obfuscation, binary uplifting, and program analysis and synthesis.
actively seeking candidates to support current and future offensive cybersecurity projects across a variety of domains supporting the United States of America's national interest and advancing cutting edge research in the fields of Reverse Engineering and Vulnerability Research. Due to the nature of delivering mission-critical capabilities and developing novel applications, the ideal candidate should utilize an interdisciplinary approach to problems and leverage knowledge in other domains and fields. The position has the opportunity to contribute to numerous development efforts encompassing: reverse engineering, exploit development, red teaming, offensive cyber security projects, fuzzing, obfuscation, binary uplifting, and program analysis and synthesis.
Qualifications
Required Qualifications:
Within the Offensive Cyber Security group we acknowledge that many people in the field may have non-traditional educational paths and we want to encourage all potential applicants to apply.
Applicants should satisfy at least two or more of the following:
• Approximately 1 year plus of job or personal experience in the field, with work related directly to Reverse Engineering and/or Vulnerability Research.
• A degree in Computer Science, Computer Engineering, or related discipline.
• Familiarity with common types of software and/or hardware vulnerabilities and exploits.
• Fluency and experience developing tools in one of the following preferred programming languages:
• Assembly, C, C++, Python, Rust, OCaml
• Familiarity and experience with binary disassembler/decompiler tools.
Preferred Qualifications:
The Offensive Cyber Security group strives to ensure that we all continually improve our technical and personal skillsets to ensure that we remain at the forefront of novel research and development. As such we strongly believe that having a healthy and positive team environment is essential for encouraging individual and team growth.
• Personable, friendly, and willingness to engage with peers.
• Enthusiastic about personal and group-based technical growth.
• Ability to communicate clearly and concisely with others to aid in knowledge transfer.
Due to the interdisciplinary aspects of the position the applicants are not expected to have familiarity with all of the following desired skills but familiarity with at least one or more of the following topics, tools, or techniques will be beneficial to accelerating the process.
General:
• Familiarity with one or more hardware or hypervisor architectures:
• x86, x86_64, ARM, RISC-V, VT-x, SVM
• Familiarity with one or more operating system internals:
• Windows, GNU/Linux, QNX, RTOS
• Understanding of Network Technologies
• TCP/IP and UDP datagrams
• Knowledge of the OSI model
• Deep Packet Capture and Analysis
Software Domain:
• User-mode and kernel-mode debuggers.
• Experience with static and dynamic program analysis for binary and/or network domains.
• Knowledge of compiler internals and passes.
• Web application penetration testing.
Embedded Domain:
• Discovery and usage of debug interfaces with target devices via JTAG/SWD/BDM.
• Custom filesystem extraction and modification, removal and/or regeneration of OOB/CRC data.
• Bus and protocol analysis / reverse engineering.
Hardware Domain:
• eMMC/NAND/SPI flash data extraction and flashing.
• Competent electronic skills (soldering and in-circuit debugging).
• Side channel attack (glitching) experience to place components and/or devices into altered states to bypass protection.
Security Requirement:
• Applicants selected for this position will be required to obtain and maintain a government security clearance Show more details...
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 1,800 employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers... and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.
Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.
Equal Employment Opportunity
Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.
Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.
Responsibilities
Draper is actively seeking candidates to support current and future offensive cybersecurity projects across a variety of domains supporting the United States of America's national interest and advancing cutting edge research in the fields of Reverse Engineering and Vulnerability Research. Due to the nature of delivering mission-critical capabilities and developing novel applications, the ideal candidate should utilize an interdisciplinary approach to problems and leverage knowledge in other domains and fields. The position has the opportunity to contribute to numerous development efforts encompassing: reverse engineering, exploit development, red teaming, offensive cyber security projects, fuzzing, obfuscation, binary uplifting, and program analysis and synthesis.
actively seeking candidates to support current and future offensive cybersecurity projects across a variety of domains supporting the United States of America's national interest and advancing cutting edge research in the fields of Reverse Engineering and Vulnerability Research. Due to the nature of delivering mission-critical capabilities and developing novel applications, the ideal candidate should utilize an interdisciplinary approach to problems and leverage knowledge in other domains and fields. The position has the opportunity to contribute to numerous development efforts encompassing: reverse engineering, exploit development, red teaming, offensive cyber security projects, fuzzing, obfuscation, binary uplifting, and program analysis and synthesis.
Qualifications
Required Qualifications:
Within the Offensive Cyber Security group we acknowledge that many people in the field may have non-traditional educational paths and we want to encourage all potential applicants to apply.
Applicants should satisfy at least two or more of the following:
• Approximately 1 year plus of job or personal experience in the field, with work related directly to Reverse Engineering and/or Vulnerability Research.
• A degree in Computer Science, Computer Engineering, or related discipline.
• Familiarity with common types of software and/or hardware vulnerabilities and exploits.
• Fluency and experience developing tools in one of the following preferred programming languages:
• Assembly, C, C++, Python, Rust, OCaml
• Familiarity and experience with binary disassembler/decompiler tools.
Preferred Qualifications:
The Offensive Cyber Security group strives to ensure that we all continually improve our technical and personal skillsets to ensure that we remain at the forefront of novel research and development. As such we strongly believe that having a healthy and positive team environment is essential for encouraging individual and team growth.
• Personable, friendly, and willingness to engage with peers.
• Enthusiastic about personal and group-based technical growth.
• Ability to communicate clearly and concisely with others to aid in knowledge transfer.
Due to the interdisciplinary aspects of the position the applicants are not expected to have familiarity with all of the following desired skills but familiarity with at least one or more of the following topics, tools, or techniques will be beneficial to accelerating the process.
General:
• Familiarity with one or more hardware or hypervisor architectures:
• x86, x86_64, ARM, RISC-V, VT-x, SVM
• Familiarity with one or more operating system internals:
• Windows, GNU/Linux, QNX, RTOS
• Understanding of Network Technologies
• TCP/IP and UDP datagrams
• Knowledge of the OSI model
• Deep Packet Capture and Analysis
Software Domain:
• User-mode and kernel-mode debuggers.
• Experience with static and dynamic program analysis for binary and/or network domains.
• Knowledge of compiler internals and passes.
• Web application penetration testing.
Embedded Domain:
• Discovery and usage of debug interfaces with target devices via JTAG/SWD/BDM.
• Custom filesystem extraction and modification, removal and/or regeneration of OOB/CRC data.
• Bus and protocol analysis / reverse engineering.
Hardware Domain:
• eMMC/NAND/SPI flash data extraction and flashing.
• Competent electronic skills (soldering and in-circuit debugging).
• Side channel attack (glitching) experience to place components and/or devices into altered states to bypass protection.
Security Requirement:
• Applicants selected for this position will be required to obtain and maintain a government security clearance Show more details...
via Indeed
schedule_type: Full-timesalary: 187,040–280,000 a year
Responsibilities
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul and Tokyo...
Why Join Us
At TikTok, our people are humble, intelligent, compassionate and creative. We create to inspire - for you, for us, and for more than 1 billion users on our platform. We
Responsibilities
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul and Tokyo...
Why Join Us
At TikTok, our people are humble, intelligent, compassionate and creative. We create to inspire - for you, for us, and for more than 1 billion users on our platform. We lead with curiosity and aim for the highest, never shying away from taking calculated risks and embracing ambiguity as it comes. Here, the opportunities are limitless for those who dare to pursue bold ideas that exist just beyond the boundary of possibility. Join us and make impact happen with a career at TikTok.
Security Team at TikTok
The team is missioned to build infrastructures, platforms and technologies, as well as to support cross-functional teams to protect our users, products and infrastructures. In this team you'll have a unique opportunity to have first-hand exposure to the strategy of the company in key security initiatives, especially in building scalable and secure-by-design systems and solutions. Our challenges are not your regular day-to-day technical problems; you'll be part of a team that's developing new solutions to new challenges of a kind not previously addressed by big tech. It's working fast, at scale, and we're making a difference.
• Design and execute Red Team Operations against one of the largest and most innovative companies in the world.
• Perform penetration testing and realistic security exercises to simulate various attack scenarios, to test and improve our detection and response capabilities, and to identify weaknesses in our infrastructure and products.
• Collaborate closely with other parts of the security team and product teams to design defense-in-depth controls that limit attackers' ability and improve our security postures.
• Monitor and analyze emerging cyber threats, vulnerabilities, and exploits relevant to our infrastructure and products.
• Bring insight into all aspects of modern security issues to our products and rapidly developing prototypes for mitigations.
Qualifications
• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or other relevant majors.
• 3+ years of experience in ethical hacking, vulnerability research, exploit development, penetration testing or being a member of a red team.
• Advanced knowledge and understanding in various disciplines: web application security, mobile app security, network security, operating system internals and hardening, applied cryptography, cloud computing. You're expected to be an expert in at least one of these areas.
• Strong problem-solving skills and excellent debugging / troubleshooting skills.
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at usrc@tiktok.com.
Job Information
The base salary range for this position in the selected city is $187040 - $280000 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
At ByteDance/TikTok our benefits are designed to convey company culture and values, to create an efficient and inspiring work environment, and to support ByteDancers to give their best in both work and life. We offer the following benefits to eligible employees:
We cover 100% premium coverage for employee medical insurance, approximately 75% premium coverage for dependents and offer a Health Savings Account(HSA) with a company match. As well as Dental, Vision, Short/Long term Disability, Basic Life, Voluntary Life and AD&D insurance plans. In addition to Flexible Spending Account(FSA) Options like Health Care, Limited Purpose and Dependent Care.
Our time off and leave plans are: 10 paid holidays per year plus 17 days of Paid Personal Time Off(PPTO) (prorated upon hire and increased by tenure) and 10 paid sick days per year as well as 12 weeks of paid Parental leave and 8 weeks of paid Supplemental Disability.
We also provide generous benefits like mental and emotional health benefits through our EAP and Lyra. A 401K company match, gym and cellphone service reimbursements. The Company reserves the right to modify or change these benefits programs at any time, with or without notice Show more details...
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul and Tokyo...
Why Join Us
At TikTok, our people are humble, intelligent, compassionate and creative. We create to inspire - for you, for us, and for more than 1 billion users on our platform. We lead with curiosity and aim for the highest, never shying away from taking calculated risks and embracing ambiguity as it comes. Here, the opportunities are limitless for those who dare to pursue bold ideas that exist just beyond the boundary of possibility. Join us and make impact happen with a career at TikTok.
Security Team at TikTok
The team is missioned to build infrastructures, platforms and technologies, as well as to support cross-functional teams to protect our users, products and infrastructures. In this team you'll have a unique opportunity to have first-hand exposure to the strategy of the company in key security initiatives, especially in building scalable and secure-by-design systems and solutions. Our challenges are not your regular day-to-day technical problems; you'll be part of a team that's developing new solutions to new challenges of a kind not previously addressed by big tech. It's working fast, at scale, and we're making a difference.
• Design and execute Red Team Operations against one of the largest and most innovative companies in the world.
• Perform penetration testing and realistic security exercises to simulate various attack scenarios, to test and improve our detection and response capabilities, and to identify weaknesses in our infrastructure and products.
• Collaborate closely with other parts of the security team and product teams to design defense-in-depth controls that limit attackers' ability and improve our security postures.
• Monitor and analyze emerging cyber threats, vulnerabilities, and exploits relevant to our infrastructure and products.
• Bring insight into all aspects of modern security issues to our products and rapidly developing prototypes for mitigations.
Qualifications
• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or other relevant majors.
• 3+ years of experience in ethical hacking, vulnerability research, exploit development, penetration testing or being a member of a red team.
• Advanced knowledge and understanding in various disciplines: web application security, mobile app security, network security, operating system internals and hardening, applied cryptography, cloud computing. You're expected to be an expert in at least one of these areas.
• Strong problem-solving skills and excellent debugging / troubleshooting skills.
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at usrc@tiktok.com.
Job Information
The base salary range for this position in the selected city is $187040 - $280000 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
At ByteDance/TikTok our benefits are designed to convey company culture and values, to create an efficient and inspiring work environment, and to support ByteDancers to give their best in both work and life. We offer the following benefits to eligible employees:
We cover 100% premium coverage for employee medical insurance, approximately 75% premium coverage for dependents and offer a Health Savings Account(HSA) with a company match. As well as Dental, Vision, Short/Long term Disability, Basic Life, Voluntary Life and AD&D insurance plans. In addition to Flexible Spending Account(FSA) Options like Health Care, Limited Purpose and Dependent Care.
Our time off and leave plans are: 10 paid holidays per year plus 17 days of Paid Personal Time Off(PPTO) (prorated upon hire and increased by tenure) and 10 paid sick days per year as well as 12 weeks of paid Parental leave and 8 weeks of paid Supplemental Disability.
We also provide generous benefits like mental and emotional health benefits through our EAP and Lyra. A 401K company match, gym and cellphone service reimbursements. The Company reserves the right to modify or change these benefits programs at any time, with or without notice Show more details...
via The Muse
schedule_type: Full-time
Company Description
Our Mission...
At Palo Alto Networks® everything starts and ends with our mission:
Being the cybersecurity partner of choice, protecting our digital way of life.
We have the vision of a world where each day is safer and more secure than the one before. These aren’t easy goals to accomplish – but we’re not here for easy. We’re here for better. We are a company built on the foundation of challenging and disrupting the
Company Description
Our Mission...
At Palo Alto Networks® everything starts and ends with our mission:
Being the cybersecurity partner of choice, protecting our digital way of life.
We have the vision of a world where each day is safer and more secure than the one before. These aren’t easy goals to accomplish – but we’re not here for easy. We’re here for better. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.
Disruption is at the core of our technology and on our way of work to meet the needs of our employees now and in the future through FLEXWORK, our approach to how we work. We’re changing the nature of work from benefits to learning, location to leadership, we’ve rethought and recreated every aspect of the employee experience at Palo Alto Networks. And because it FLEXes around each individual employee based on their individual choices, employees are empowered to push boundaries and help us all evolve, together.
Job Description
Your Impact
• Assist in development of internal infrastructure design for research, development, and testing focused on offensive security
• Conducts periodic scans of networks to find and detect vulnerabilities
• Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools
• Ability to assist in scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel
• Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients
• Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements
• Conducts IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing)
• Conduct threat hunting and/or compromise assessment engagements to identify active or dormant indicators of compromise (IoCs) using Crypsis and Palo Alto Networks’ threat hunting tools (and/or client owned hunting instrumentation where applicable)
• Assist Crypsis Leadership in the development of security standards and best practices for the organization and recommend security enhancements as needed
• Able to conduct cyber risk assessments using frameworks or standards like NIST CSF, ISO 27001/2, PCI, CIS Top 20, CMMC, or other industry measurement tools
• Conduct cloud penetration testing engagements to assess specific workloads (i.e. AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders
• Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach
• Ability to perform light travel requirements as needed to meet business demands (on average 30%)
Qualifications
Your Experience
• 6-8 years of professional experience with risk assessment tools, technologies, and methods focused on Information Assurance, Information Systems/Network Security, Infrastructure Design, and Vulnerabilities Assessments
• Demonstrate a deep understanding of how malicious software works (i.e.-malware, trojans, rootkits, etc.)
• Ability to modify known and/or craft custom exploits manually without dependence on consumer tools such as Metasploit
• Strong knowledge of tools and techniques used to conduct network, wireless, and web application penetration testing
• Familiarity with web application penetration testing and code auditing to find security gaps and vulnerabilities
• Knowledge and experience in conducting cyber risk assessments using industry standards
• Experience with penetration testing, administering, and troubleshooting major flavors of Linux, Windows, and major cloud IaaS, PaaS, and SaaS providers (i.e. AWS, GCP, and Azure)
• Experience with scripting and editing existing code and programming using one or more of the following: Perl, Python, ruby, bash, C/C++, C#, or Java
• Experience with security assessment tools, including Nessus, OpenVAS, MobSF- Metasploit, Burp Suite Pro, Cobalt Strike, Bloodhound, and Empire
• Knowledge of application, database, and web server design and implementation
• Knowledge of network vulnerability assessments, web and cloud application security testing, network penetration testing, red teaming, security operations, or 'hunt'
• Knowledge of open security testing standards and projects, including OWASP & MITRE ATT&CK
• Ability to read and use the results of mobile code, malicious code, and anti-virus software
• Knowledge of computer forensic tools, technologies, and methods
• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations
Additional Information
The Team
Unit 42 Consulting is Palo Alto Network's security advisory team. Our vision is to create a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services to clients of all sizes. Our team is composed of recognized experts and incident responders with deep technical expertise and experience in investigations, data breach response, digital forensics, and information security. With a highly successful track record of delivering mission-critical cybersecurity solutions, we are experienced in working quickly to provide an effective incident response, attack readiness, and remediation plans with a focus on providing long-term support to improve our clients’ security posture.
Our Commitment
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
Palo Alto Networks is evolving and changing the nature of work to meet the needs of our employees now and in the future through FLEXWORK, our approach to how we work. From benefits to learning, location to leadership, we’ve rethought and recreated every aspect of the employee experience at Palo Alto Networks. And because it FLEXes around each individual employee based on their individual choices, employees are empowered to push boundaries and help us all evolve, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
Disclosure required by sb19-085 (8-5-20) of the minimum compensation (includes on-target earnings = base + on target incentives for sales roles) for this role to be located in the state of Colorado. If hired in Colorado, this position starts at $136,000/yr. Depending on the position offered, restricted stock units and incentive or bonus pay may be provided as part of this compensation package. Additional benefits may be found here.
All your information will be kept confidential according to EEO guidelines Show more details...
Our Mission...
At Palo Alto Networks® everything starts and ends with our mission:
Being the cybersecurity partner of choice, protecting our digital way of life.
We have the vision of a world where each day is safer and more secure than the one before. These aren’t easy goals to accomplish – but we’re not here for easy. We’re here for better. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.
Disruption is at the core of our technology and on our way of work to meet the needs of our employees now and in the future through FLEXWORK, our approach to how we work. We’re changing the nature of work from benefits to learning, location to leadership, we’ve rethought and recreated every aspect of the employee experience at Palo Alto Networks. And because it FLEXes around each individual employee based on their individual choices, employees are empowered to push boundaries and help us all evolve, together.
Job Description
Your Impact
• Assist in development of internal infrastructure design for research, development, and testing focused on offensive security
• Conducts periodic scans of networks to find and detect vulnerabilities
• Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools
• Ability to assist in scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel
• Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients
• Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements
• Conducts IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing)
• Conduct threat hunting and/or compromise assessment engagements to identify active or dormant indicators of compromise (IoCs) using Crypsis and Palo Alto Networks’ threat hunting tools (and/or client owned hunting instrumentation where applicable)
• Assist Crypsis Leadership in the development of security standards and best practices for the organization and recommend security enhancements as needed
• Able to conduct cyber risk assessments using frameworks or standards like NIST CSF, ISO 27001/2, PCI, CIS Top 20, CMMC, or other industry measurement tools
• Conduct cloud penetration testing engagements to assess specific workloads (i.e. AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders
• Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach
• Ability to perform light travel requirements as needed to meet business demands (on average 30%)
Qualifications
Your Experience
• 6-8 years of professional experience with risk assessment tools, technologies, and methods focused on Information Assurance, Information Systems/Network Security, Infrastructure Design, and Vulnerabilities Assessments
• Demonstrate a deep understanding of how malicious software works (i.e.-malware, trojans, rootkits, etc.)
• Ability to modify known and/or craft custom exploits manually without dependence on consumer tools such as Metasploit
• Strong knowledge of tools and techniques used to conduct network, wireless, and web application penetration testing
• Familiarity with web application penetration testing and code auditing to find security gaps and vulnerabilities
• Knowledge and experience in conducting cyber risk assessments using industry standards
• Experience with penetration testing, administering, and troubleshooting major flavors of Linux, Windows, and major cloud IaaS, PaaS, and SaaS providers (i.e. AWS, GCP, and Azure)
• Experience with scripting and editing existing code and programming using one or more of the following: Perl, Python, ruby, bash, C/C++, C#, or Java
• Experience with security assessment tools, including Nessus, OpenVAS, MobSF- Metasploit, Burp Suite Pro, Cobalt Strike, Bloodhound, and Empire
• Knowledge of application, database, and web server design and implementation
• Knowledge of network vulnerability assessments, web and cloud application security testing, network penetration testing, red teaming, security operations, or 'hunt'
• Knowledge of open security testing standards and projects, including OWASP & MITRE ATT&CK
• Ability to read and use the results of mobile code, malicious code, and anti-virus software
• Knowledge of computer forensic tools, technologies, and methods
• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations
Additional Information
The Team
Unit 42 Consulting is Palo Alto Network's security advisory team. Our vision is to create a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services to clients of all sizes. Our team is composed of recognized experts and incident responders with deep technical expertise and experience in investigations, data breach response, digital forensics, and information security. With a highly successful track record of delivering mission-critical cybersecurity solutions, we are experienced in working quickly to provide an effective incident response, attack readiness, and remediation plans with a focus on providing long-term support to improve our clients’ security posture.
Our Commitment
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
Palo Alto Networks is evolving and changing the nature of work to meet the needs of our employees now and in the future through FLEXWORK, our approach to how we work. From benefits to learning, location to leadership, we’ve rethought and recreated every aspect of the employee experience at Palo Alto Networks. And because it FLEXes around each individual employee based on their individual choices, employees are empowered to push boundaries and help us all evolve, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
Disclosure required by sb19-085 (8-5-20) of the minimum compensation (includes on-target earnings = base + on target incentives for sales roles) for this role to be located in the state of Colorado. If hired in Colorado, this position starts at $136,000/yr. Depending on the position offered, restricted stock units and incentive or bonus pay may be provided as part of this compensation package. Additional benefits may be found here.
All your information will be kept confidential according to EEO guidelines Show more details...
via Indeed
schedule_type: Full-timework_from_home: 1
Alkami is a leading cloud-based digital banking solutions provider for financial institutions in the United States that helps clients to transform through retail and business banking, digital account opening and loan origination, payment fraud prevention, and data analytics and engagement solutions.
Founded in 2009, we continue to be recognized for our intentional culture and tremendous growth... (Best Place to Work in Fintech; Best & Brightest to
Alkami is a leading cloud-based digital banking solutions provider for financial institutions in the United States that helps clients to transform through retail and business banking, digital account opening and loan origination, payment fraud prevention, and data analytics and engagement solutions.
Founded in 2009, we continue to be recognized for our intentional culture and tremendous growth... (Best Place to Work in Fintech; Best & Brightest to Work For Nationally; and Comparably’s Best Company Culture, Best Career Growth, Best Engineering Team, and Best Places to Work in Dallas, among others). Through our bold investments in technology and people, we empower our clients to grow confidently, adapt quickly, and build thriving digital banking communities through tailored experiences for over 14M users.
As a remote-first company, this position can sit in Plano, TX or remote in the US.
Position Overview:
This role is responsible for designing and driving offensive operations against a multitude of computer network systems. The Offensive Security Analyst will conduct threat analysis and emulation, provide assessments of vulnerabilities, discover network anomalies, and uncover policy violations. The Offensive Security Analyst also develops and collaborates with stakeholders to implement counter measures to their findings from an operation.
Key Responsibilities & Duties:
• Identify and digest threat data from various OSINT and closed sources, correlating it against environmental context and ATT&CK matrix to produce threat intelligence. Validate for actionable items, and take appropriate actions to mitigate risk.
• Provide expert threat analysis support to CSIRT and Global SOC. Research actors and tactics, identify ways for SOC to detect and CSIRT to contain a threat in real-time. Research anomalies detected by SOC to assess whether threat or benign.
• Produce threat reports tailored to Alkami business and distributed to the relevant stakeholders throughout the company; in varying forms from real-time immediate action to in-depth periodic assessments of trends and future expectations.
• Threat hunting and forensic analysis. Use sound DFIR methodology to creatively find new and unusual threats. Create hypotheses, device hunting criteria, investigate and validate findings, and recommend remedial actions.
• When required, provide realt-ime and expert threat investigation support to the Cyber Security Incident Response Team.
• Conducts offensive operations against a variety of networks and targets ranging from traditional networks to Individual devices
• Performs red team engagements to strengthen enterprise risk posture
• Integrates provided intelligence to emulate adversaries in target selection and exploitation
• Collaborates with the Vulnerability Management team to contextualize risk to the business, helping drive remediation effort prioritization
• Performs Purple team engagements to strengthen defensive expertise and monitoring capabilities
• Provides guidance and expertise to appropriate business units and stakeholders as it relates to remediation efforts
• Drives automation of repeatable processes to reduce waste and increase efficiency
Qualifications:
• Bachelor’s degree in Computer Science, Computer Engineering, or a related field, or equivalent experience.
• 4+ years cybersecurity or information technology experience required
• 2+ years of conducting Offensive Security Testing (i.e Red Teaming, Purple Teaming, Threat Intelligence, Penetration Testing, and Threat Hunting)
• Relevant industry certifications such as OSCP, GPEN, CEH, or similar
Desired Skills:
• The candidate must have the ability to communicate with cross-functional team members as well as be an independent individual contributor, and participate in improving response and defensive actions over a variety of security disciplines.
• Familiarity with tools such as Metasploit, Nmap, Burp Suite, and Kali Linux.
• Understanding of the MITRE ATT&CK framework and experience building use cases and SOPs around the TTPs.
• Deep understanding of common network and application stack protocols behaviors and anomalies, including but not limited to TCP/IP, ICMP, SMTP, DNS, TLS, XML, HTTP, etc.
• Consuming threat research reports and applying to the threat hunting process
• Basic hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure)
• Experience automating and/or scripting with Python, PowerShell, C#, and/or Java/JavaScript
Cool Things to Know
Not Just Any Company: Alkami has an awesome diverse and inclusive environment. We have a FUN culture and offer great benefits, including remote-first environment, unlimited paid time off, 401k with employer match, and more.
Work Authorization: We cannot offer employment sponsorship at this time. Candidates must be eligible to work in the US for full-time employment.
Recruiters: We are not looking for outside recruiting firms to help us in this search. Thank you for understanding.
Pay Transparency: As of January 1, 2023, new states and locales have enacted pay equity laws that require more pay transparency by employers in the following states: California, Colorado (effective January 1, 2021), Connecticut, Maryland, Nevada, New Jersey, New York, Ohio, Rhode Island and Washington. [$96,000.00 - $144,000.00]
The Important Stuff
Alkami Technology is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: Alkami is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Alkami are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Alkami will not tolerate discrimination or harassment based on any of these characteristics. Alkami encourages applicants of all ages.
#LI-REMOTE Show more details...
Founded in 2009, we continue to be recognized for our intentional culture and tremendous growth... (Best Place to Work in Fintech; Best & Brightest to Work For Nationally; and Comparably’s Best Company Culture, Best Career Growth, Best Engineering Team, and Best Places to Work in Dallas, among others). Through our bold investments in technology and people, we empower our clients to grow confidently, adapt quickly, and build thriving digital banking communities through tailored experiences for over 14M users.
As a remote-first company, this position can sit in Plano, TX or remote in the US.
Position Overview:
This role is responsible for designing and driving offensive operations against a multitude of computer network systems. The Offensive Security Analyst will conduct threat analysis and emulation, provide assessments of vulnerabilities, discover network anomalies, and uncover policy violations. The Offensive Security Analyst also develops and collaborates with stakeholders to implement counter measures to their findings from an operation.
Key Responsibilities & Duties:
• Identify and digest threat data from various OSINT and closed sources, correlating it against environmental context and ATT&CK matrix to produce threat intelligence. Validate for actionable items, and take appropriate actions to mitigate risk.
• Provide expert threat analysis support to CSIRT and Global SOC. Research actors and tactics, identify ways for SOC to detect and CSIRT to contain a threat in real-time. Research anomalies detected by SOC to assess whether threat or benign.
• Produce threat reports tailored to Alkami business and distributed to the relevant stakeholders throughout the company; in varying forms from real-time immediate action to in-depth periodic assessments of trends and future expectations.
• Threat hunting and forensic analysis. Use sound DFIR methodology to creatively find new and unusual threats. Create hypotheses, device hunting criteria, investigate and validate findings, and recommend remedial actions.
• When required, provide realt-ime and expert threat investigation support to the Cyber Security Incident Response Team.
• Conducts offensive operations against a variety of networks and targets ranging from traditional networks to Individual devices
• Performs red team engagements to strengthen enterprise risk posture
• Integrates provided intelligence to emulate adversaries in target selection and exploitation
• Collaborates with the Vulnerability Management team to contextualize risk to the business, helping drive remediation effort prioritization
• Performs Purple team engagements to strengthen defensive expertise and monitoring capabilities
• Provides guidance and expertise to appropriate business units and stakeholders as it relates to remediation efforts
• Drives automation of repeatable processes to reduce waste and increase efficiency
Qualifications:
• Bachelor’s degree in Computer Science, Computer Engineering, or a related field, or equivalent experience.
• 4+ years cybersecurity or information technology experience required
• 2+ years of conducting Offensive Security Testing (i.e Red Teaming, Purple Teaming, Threat Intelligence, Penetration Testing, and Threat Hunting)
• Relevant industry certifications such as OSCP, GPEN, CEH, or similar
Desired Skills:
• The candidate must have the ability to communicate with cross-functional team members as well as be an independent individual contributor, and participate in improving response and defensive actions over a variety of security disciplines.
• Familiarity with tools such as Metasploit, Nmap, Burp Suite, and Kali Linux.
• Understanding of the MITRE ATT&CK framework and experience building use cases and SOPs around the TTPs.
• Deep understanding of common network and application stack protocols behaviors and anomalies, including but not limited to TCP/IP, ICMP, SMTP, DNS, TLS, XML, HTTP, etc.
• Consuming threat research reports and applying to the threat hunting process
• Basic hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure)
• Experience automating and/or scripting with Python, PowerShell, C#, and/or Java/JavaScript
Cool Things to Know
Not Just Any Company: Alkami has an awesome diverse and inclusive environment. We have a FUN culture and offer great benefits, including remote-first environment, unlimited paid time off, 401k with employer match, and more.
Work Authorization: We cannot offer employment sponsorship at this time. Candidates must be eligible to work in the US for full-time employment.
Recruiters: We are not looking for outside recruiting firms to help us in this search. Thank you for understanding.
Pay Transparency: As of January 1, 2023, new states and locales have enacted pay equity laws that require more pay transparency by employers in the following states: California, Colorado (effective January 1, 2021), Connecticut, Maryland, Nevada, New Jersey, New York, Ohio, Rhode Island and Washington. [$96,000.00 - $144,000.00]
The Important Stuff
Alkami Technology is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: Alkami is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Alkami are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Alkami will not tolerate discrimination or harassment based on any of these characteristics. Alkami encourages applicants of all ages.
#LI-REMOTE Show more details...
Norton safe Web