Job Description
Responsibilities
* Conduct in-depth penetration testing of cloud environments (AWS, Azure, GCP), focusing on identifying complex vulnerabilities and security misconfigurations.
* Perform penetration testing of containerized applications (Docker, Kubernetes) and serverless architectures.
* Develop and execute custom penetration testing methodologies and tools to simulate real-world attacks.
* Expertise in manual penetration testing techniques and the use of advanced offensive security tools (Burp Suite, Cobalt Strike, Metasploit, etc.).
* Utilize commercial security tools such as Checkmarx, Invicti, and Synopsys for static and dynamic analysis.
* Familiarity with security frameworks and approaches such as SAST, DAST, fuzzing, property-based testing, symbolic execution, and network simulation.
* Perform comprehensive security assessments of RESTful and other API architectures.
* Demonstrated ability to identify and exploit vulnerabilities in API authentication and authorization mechanisms.
* Perform security testing for distributed systems and microservices.
* Expert knowledge of hacking authentication methods such as OAuth, SAML, and JWT.
* Knowledge of macOS and Windows Active Directory systems and their security implications.
* Deep understanding of Linux operating systems and their security implications.
* Ability to analyze and understand complex software architectures and codebases.
* Work closely with software engineers to provide security guidance and recommendations.
* Basic knowledge of Python or Go programming languages for scripting and tool development.
* Collaborate effectively with cross-functional teams, including software engineers, cloud architects, and security professionals.
* Communicate security findings and recommendations clearly and concisely to both technical and non-technical audiences.
* Stay up-to-date on the latest cloud security threats, vulnerabilities, and attack techniques.
* Conduct security research and develop new penetration testing methodologies.
* Experience in threat modelling, red/blue teaming, and working with best-in-class independent engineering teams.
Qualifications
* BA or BSc in Computer Science, Information Security, or a related field.
* 6+ years of experience in penetration testing, with a strong focus on cloud security.
* Expert-level knowledge of cloud platforms (AWS, Azure, GCP) and their security services.
* Proven experience in API security testing and authentication hacking.
* Strong understanding of Linux, macOS and Windows Active Directory operating systems and software development practices.
* Proficiency in using penetration testing tools and frameworks, including commercial tools such as Checkmarx, Invicti, and Synopsys.
* Excellent communication and collaboration skills.
* Deep understanding of the MITRE ATT&CK framework.
* Experience working in a software development environment.
Nice-to-Have
* Relevant security certifications (e.g., OSCP, OSCE, GPEN, GWAPT).
* Experience with CSPM and SSPM tools.
All your information will be kept confidential according to EEO guidelines.