
Staff Security Engineer (Penetration Testing & Ethical Hacking)

Cohesity is on a mission to radically simplify how organizations secure and manage their data, while unlocking limitless value. As a leader in data security and management, we make it easy to secure, protect, manage and derive value from data—across the data center, edge, and cloud. At Cohesity, we're a group of builders and go-getters who are committed to doing the right thing. We encourage you to come as you are, as our differences make us stronger.


We've been named a Leader by multiple analyst firms and are prominently featured in the Forbes Cloud 100 and CRN's Coolest Cloud companies.

Join us and we'll lead the way together.

About This Role:

We are actively seeking Security Engineers to join our team. As part of our Security Engineering team, you will be responsible for enabling secure product release at the speed of the development team, and for continuously improving Cloud and SaaS posture. The role will serve as a Cloud Security specialist in the areas of cloud architecture design, cloud security, access management, security automation, logging and monitoring, endpoint security, network security, and incident handling. Working closely with the infrastructure and release engineering team to automate and cloud security workflow and

You will also ensure we're in lockstep with product engineering and develop our DevSecOps-enabled security services. Engaging with other teams and communicating with stakeholders will be a regular part of the job. We're looking for an individual who's motivated by technology and enjoys automation and problem-solving.

Responsibilities

  • Have significant hands-on penetration testing experience and offensive capabilities in numerous core competency areas including web applications, infrastructure, containers and distributed systems

  • Have a very in-depth understanding of exploiting OS and Web Services

  • Threat Modeling and Pen Testing of Cloud security Infrastructure & services

  • Have a mature understanding of coverage and risk as an outcome of pen-testing as it relates to product security posture and business needs

  • Provide guidance on short term mitigation and effective resolutions

  • Track and research the latest developments in vulnerability research

  • Have the ability to develop or adapt custom tooling to solve new needs

  • Build relationships with engineering teams to drive Cohesity products to a mature security state

  • Perform Security training and outreach to internal development tools.


Requirements

  • B.S. or M.S. in Computer Science, Electrical Engineering or related experience

  • 7+ years of experience in web and system-services-level penetration testing

  • Strong understanding of vulnerabilities, common attack vectors and how to resolve them

  • Ability to quickly comprehend and digest application/systems designs

  • Attacker mindset: ability to think creatively about relevant threats and attacks

  • Ability to organize and lead others in a pen test through an attack plan on complex application and systems designs

  • Well-rounded background in application, network, and system security

  • Familiarity with public cloud platforms (preferably AWS)

  • Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications

  • Relevant development/scripting/automation experience in C++, JavaScript, Python, Go

  • Experience as a pen tester, with OSCP certification and active in bug bounty

  • REST API Security testing for Authentication and Authorizations

  • Able to automate API Testing with Burp+Postman

  • Threat Modeling and design reviews

  • Deep understanding of Cloud Security fundamentals (Cloud networks and Cloud-based Systems), including cryptography and the shared responsibility model

  • Experience working in a regulated environment (SOC, ISO, PCI DSS, HIPAA, etc.)

  • Strong application security, system security, and infrastructure security knowledge


Data Privacy Notice for Job Candidates:

For information on personal data processing, please see our Privacy Policy.

Equal Employment Opportunity Employer (EEOE)

Cohesity is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law.

If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at 1-855-9COHESITY or talent@cohesity.com for assistance.

COVID-19

Cohesity may require employees who enter its offices to be fully vaccinated against the COVID-19 virus and to provide documented proof thereof. Cohesity will comply with applicable law regarding the reasonable accommodation of individuals who are not vaccinated because of a sincerely held religious belief, disability or medical condition. This vaccination requirement does not apply to employees who work remotely and do not enter Cohesity offices.

DATE POSTED
July 3, 2023
