Senior Offensive Security Engineer

About The Position

Requirements

• 5+ years of Red Team experience.
• Experience mentoring other team members.
• Passion and demonstrated experience for challenging security assumptions.
• Excellent written and verbal communication skills and ability to communicate your findings at many different levels of abstraction from Engineers to Executives.
• Passion for fixing security issues and not just identifying security issues.
• Familiarity with common network protocols and standards such as DNS and TCP/IP.
• Experience with MacOS and Linux.
• Experience with leveraging components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), cloud providers (AWS, GCP), etc and be able to give hardening suggestions.
• Experience/knowledge of defensive tools/techniques (IDS/IPS, Packet Capture, Network Analysis, AV, EDR, etc.) and how to evade them.
• Deep understanding of Mitre's ATT&CK Framework.
• Strong understanding of the security fundamentals of access and identity.
• Comfortable reading / writing python, go, and javascript.
• Ability to research and execute a testing plan to access a new technology or process.
• Demonstrated experience working with a distributed team.
• Proficiency to communicate over a text-based medium (Slack, JIRA Issues, GitHub issues, & Email) and can succinctly document technical details.

Nice To Haves

• Experience in the Financial Technology domain.
• Experience being a technical lead at other organizations.

Responsibilities

• Evangelize the Offensive Security Team's Findings and Projects with stakeholders throughout the company and collaborate with other teams to create solutions that balance security with other priorities.
• Mentor and provide guidance to the members of the Offensive Security team.
• Utilize threat modeling to identify threats and shape Red Team priorities and exercises.
• Plan and execute long term, broadly scoped, black box Red Team exercises utilizing vulnerability research, exploit development, and utilizing public proof of concept code.
• Perform penetration testing, code reviews, and design/architecture reviews.
• Write tooling to assist with and automate Red Team assessments.
• Plan and participate in Adversarial Simulation exercises with various security teams.
• Lead Security Incidents when Pentest or Red Team findings require them.
• Publish blog posts and present talks at security conferences.

Benefits

• Market competitive and pay equity-focused compensation structure.
• 100% paid health insurance for employees with 90% coverage for dependents.
• Annual lifestyle wallet for personal wellness, learning and development, and more!
• Lifetime maximum benefit for family forming and fertility benefits.
• Dedicated mental health support for employees and eligible dependents.
• Generous time away including company holidays, paid time off, sick time, parental leave, and more!
• Lively office environment with catered meals, fully stocked kitchens, and geo-specific commuter benefits.