We are looking for a talented penetration tester with experience in a Red Team role to help us to build security into our services, fortify our defenses and protect the systems that enable hungry people to order their food quickly and securely.
We want people who are passionate about penetrating systems, from reconnaissance to exploitation to post-exploitation analysis, and who are comfortable balancing ethical hacking, development, source code analysis, reverse engineering, infrastructure testing, threat modelling and red teaming activities. We want a team member who enjoys the challenge of penetrating a wide variety of technology platforms and protocols and partnering with software engineers to ensure it never happens again.
What You'll Be Doing
- Penetration testing of web applications, native apps and other systems
- Design and code reviews of new systems and features
- Coaching and collaborating with engineers to build in security and privacy by design
- Threat modelling as needed
- Providing stakeholders with concise, well-written penetration reports as needed
- Coordinating and tracking penetration testing and vulnerability assessment remediations
- Conducting Red Team exercises to evaluate and improve processes and technologies, including application design, threat detection, incident response, patching, vulnerability remediation, secure development training and user training
- Partnering with Blue Team on a daily basis to manage risk as threats evolve
- Optimizing various security technologies
- Collaborating with other engineering and business teams as needed
- Educating and influencing employees on security and coaching junior team members
- Ensuring security policies and standards are understood and complied with
- Working with PCI and SOC auditors to provide evidence of compliance
- Assisting with third party software and provider due diligence
- Continuing to develop your skills, knowledge and capabilities
- Contributing to security strategy, policies and standards
What We'll Expect From You
- Previous Penetration Testing, Red Team or Application Security experience
- Proficient with common attack tools, vulnerability assessment and static inspection tools. Examples include Burp, SET, Metasploit, Nmap, Nessus and Coverity.
- Deep knowledge of information technology, evolving threats, attack patterns, incident response and cyber security standards
- Adept at collaborating with software engineers to build security and privacy during design and development.
- Experience using proven secure development frameworks and industry best practices. Examples include OWASP Top 10, SANS Top 25 and Microsoft SDL.
- Proven experience partnering with Blue Teams to lower risk.
- Proficient in bypassing and tuning security technologies. Examples include Anti-Malware, Intrusion Detection System (IDS), Data Leak Prevention (DLP), File Integrity Monitoring (FIM), Firewalls, Security Information and Event Monitoring (SIEM), Multi Factor Authentication (MFA), Web Proxies and Web Application Firewalls (WAF).
- Familiarity with AWS security best practices and Infrastructure-as-Code
- 5+ years of Information Technology experience with a focus on Security
- Strong English writing and verbal communication skills
- Legal right to work in the U.S.
Nice to Have
- Published CVEs
- Experience as a Software Engineer
- PCI, SOC, ISO or CSC20 experience
- OSCP, CEH, GWAPT, GPEN, GCIH, or similar certification