Write tooling to assist with offensive security assessment;
Conduct discovery activities to map environments;
Build, conduct, and participate in offensive security exercises;
Perform penetration testing (application, API, mobile, infrastructure), vulnerability scanning (internal and external), code reviews and design/architecture reviews;
Work closely with development teams to mitigate or remediate security vulnerabilities;
Empower developers to do their jobs securely without creating additional friction;
Educate our engineers about security in application code and infrastructure;
Educate our non-technical employees about security good practices and attacks;
Assist in Incident Response activities (if it involves Security);
What skills do I need?
Advanced background in Offensive Security (Red Team active participation);
Strong understanding of vulnerabilities, common attack vectors and how to solve/fix them;
A great eye to identify/analyze attacks on company assets and also simulate internal/external attacks (Ethical Hacker mindset);
Well-rounded background in host, network and application security (Web, API and Mobile);
Huge familiarity with threat analysis (malware, phishing, social engineering, etc);
Attacker mindset ability to think about creative threats and attack vectors;
Knowledge in tailored reconnaissance, weaponization, exploitation and lateral movement;
Know-How of Threat modeling in a cloud environment;
Experience with common security tools including but not limited to: Nmap, SQLmap, Metasploit, Kali Linux (OS), Burp Suite, Qualys/WAS, ZAP Proxy, Prowler, Censys/Shodan and others;
Familiarity with implementation and maintenance of SAST/DAST/IAST sensors;
In-depth knowledge of OWASP10, SANS25 and other world-known security frameworks;
Understanding of a complete SDLC and how to make it secured (S-SDLC)
Familiarity with Cloud platforms (AWS or equivalent);
Ability to lead people to problem resolution when it comes to Security (Integrate teams, especially Engineering Team);
Effective written and oral communication involving both business and technical sides of the business;
Quickly identify issues and solve them;
Ability to present technical risks to a broader audience (both written and spoken);
Nice to have!
Experience on research of vulnerabilities and development of exploitation tools
Building and automating common Red Team processes and activities
Knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
Certification or equivalent knowledge (DCPT/OSCP/OSCE/OSWP/OSWE/CEH)
Exposure to PCI-DSS framework or any other relevant security standard will be valued
Have previously participated as speaker (or just participated in the activities) on Security conferences like DefCon, MindTheSec, EkoParty, Hackaflag, Bhack, You sh0t the sheriff, CryptoRave, etc
Active participation in CTFs and also Bug Bounty programs
Please mention you found this job on AI Jobs. It helps us get more startups to hire on our site. Thanks and good luck!
Get hired quicker
Be the first to apply. Receive an email whenever similar jobs are posted.
Ace your job interview
Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.
