The Senior Offensive Security Engineer supports secure software development and cloud security through application of ethical hacking techniques to validate product security posture. This role will lead engagements with product teams focused on identifying component and system level technical risks and evaluating critical failure points.  They will determine technical security controls to mitigate risks and work with cross functional teams to implement features according to product road maps.

A strong candidate for this role will need to maintain an understanding of dynamic business needs, laser-focus on clear, tangible outcomes, and partner with DevOps teams to productize scalable security controls.

RESPONSIBILITIES

The Senior Offensive Security Engineer will serve as a key role to identify security blind spots in product designs. In joint collaboration with Product Leadership, DevOps, Engineering, and Data Science teams, the Engineer is accountable for delivering high quality ethical hacking capability including: 

• Conducts application and network vulnerability assessments and penetration testing.
• Perform vulnerability analysis of applications, operating systems or networks.
• Identifies, documents, and communicates intrusion or incident path and method.
• Develop and use malware, pivoting, escalating privileges to test the organization’s security effectiveness.
• Plan, communicate, coordinate, and perform penetration tests and security assessments at application, system and enterprise levels.
• Assist with reconnaissance, threat modeling, vulnerability identification, authorized exploitation, and post-exploitation cleanup.
• Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities 
• Experience with penetration testing and red teaming methodologies.
• Experience using common penetration testing tools, BurpSuite, Metasploit, etc.
• Experience in working with Akamai Cloud WAF, API Gateway, DDoS and Bot Management
• Proficient in at least 1 scripting language.
• Mastery of common server and workstation operating systems.
• Ability to think critically and identify areas of technical and non-technical risk.
• Ability to write technical reports and communicate technical content to non-technical audiences.

As a Cloud-first organization, we operate and develop in an ecosystem where deployment and CI/CD pipelines can embed security measures that can achieve speed and scalability through technology. The Senior Offensive Security Engineer will play a significant role in delivering superior services and collaborate with teams to:

• Support a service delivery strategy for product security testing including continuous improvement, quality, and customer satisfaction.
• Providing expert cybersecurity consulting to internal teams
• Engineering & Developer Partnership To effect and maintain a culture of security within engineering, technology, software development, business and operations teams, the Offensive Security Engineer must:
• Maintain an open, collaborative, and consultative culture supported by outreach and education.
• Partner with teams early and proactively.
• Share knowledge and actively bridge relationships into other verticals in the Cybersecurity organization.

 QUALIFICATIONS 

• 3-6 years’ experience in security Demonstrated expertise in software development, DevOps, incident response, digital forensics, reverse engineering, and/or automation.
• Experience with utilizing penetration testing methodologies.
• Understanding of threat attacks, exploitation and data exfiltration.
• In-depth experience identifying and exploiting web application and web service security vulnerabilities including those found in the MITRE ATTACK, OWASP Top 10, IoT Top 10, and Sans Top 25.
• Understanding of application and product architectures, programming languages, web application stacks, and S-SDLC.
• Excellent written and verbal communication skills, with the ability to communicate security objectives and concepts to engineering and business teams.
• Strong interpersonal skills; capable of understanding business needs and translating them into architectural standards/diagrams; able to translate complex data and architectural concepts and principles into easily understanding information by LOBs; ability to design and deliver architectural presentations to IT, senior leadership, and business partners.
• Action-oriented with the ability to set priorities and direction 

Preferred qualifications

• 3+ years working in product security.
• Experience in working with Akamai Cloud WAF, API Gateway, DDoS and Bot Management
• Service delivery experience in a large product organization.
• Demonstrated experience in product/application security architecture, network security, application security, cloud SaaS/PaaS/IaaS.
• Relevant certifications including CEH, PenTest+, CPT, GPEN, OSCP.
• General cyber security expertise with sufficient knowledge of modern DevSecOps technologies such as: Containers (Docker, Kubernetes, etc.) Infrastructure as code (Docker, Ansible, Chef, Terraform, etc.) Continuous integration / Continuous Deployment (Jenkins, GitLab, etc.) Integration of Security testing tools into pipeline. Defect and Issue tracking (Jira, ServiceNow etc.)