Senior Staff Engineer - Security Engineer
Remote, Mexico
Nagarro
A digital product engineering leader, Nagarro drives technology-led business breakthroughs for industry leaders and challengers through agility and innovation.
Company Description
We are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at scale — across all devices and digital mediums, and our people exist everywhere in the world (19000+ experts across 33 countries, to be exact). Our work culture is dynamic and non-hierarchical. We are looking for great new colleagues. That is where you come in!
Job Description
We are looking for a senior security professional with experience performing security testing (pen testing) of applications and cloud environments, who can articulate the findings in an easily consumable manner to the various internal stakeholders.
You should have exposure to working as a security advisor/consultant for client organizations.
The ability to think out of the box and work as a security advisor for client organizations is key to this role.
Qualifications
Must have Skills: Penetration Testing, Vulnerability Management, Cyber Risk Consulting.
Overall 8+ years of experience in the cyber security domain.
4-5 years of experience in application security testing of web & mobile applications (Android + iOS), API and infrastructure (cloud + network + server).
Should have at least 3 years of experience in a security consulting role, working as a consultant and/or advisor to the client.
Thorough knowledge of the OWASP framework and testing guide.
Hands-on knowledge of Pen testing, red team exercise, and bug hunting.
Knowledge of scripting (e.g. in Python, PowerShell, JavaScript) to write automation scripts & PoCs.
Knowledge of SSO and OAuth 2.0 flows.
Should be able to perform assessments to detect open shares and non-compliant AD accounts.
Should be well versed with the following tools: Burp Suite, Postman, VirtualBox, Kali Linux, Metasploit, Android Studio (AVD), Scripting, Tenable, AWS, Azure and GCP, DAST and SAST solutions, Snowflake and data modeling concepts.
Good to have skills:
- Security certifications i.e. OSCP, OSWE, CCSP are a plus.
- Experience of cloud security.
- Exposure to SIEM and SOC side of security ecosystem.
- Working experience in an advisory/consulting role for a CISO organization.
- Exposure to DB scripting, data extraction and dashboarding will be a key advantage.
- Should be good at performing security testing of the following: web applications, APIs, mobile applications (Android + iOS), infrastructure (server + network), and AWS, Azure, and GCP environments.
- Pen Testing and Red team exercises against assigned target scope.
- Write automation & PoC scripts from time to time.
- Pentest Identity Provider (IdP) integrated applications with SSO and OAuth.
Good To Have Skills: Snowflake, Database Design - General Experience