Senior Offensive Security Engineer

SurveyMonkey is the world’s most popular platform for surveys and forms, built for business—loved by users. We combine powerful capabilities with intuitive design, effectively serving every use case, from customer experience to employee engagement, market research to payment and registration forms. With built-in research expertise and AI-powered technology, it’s like having a team of expert researchers right at your fingertips.

Trusted by millions—from startups to Fortune 500 companies—SurveyMonkey helps teams gather insights and information that inspire better decisions, create experiences people love, and drive business growth. Discover how at surveymonkey.com.

What we’re looking for

The offensive security engineer is responsible for planning and executing tactical penetration testing and offensive security assessments against corporate assets and SurveyMonkey products. You will work with numerous company partners to plan and execute penetration tests, perform red/blue team activities, and prioritize remediations with engineering teams. You will also work with external partners including penetration testers, security auditors and bug bounty researchers to prioritize and assess findings. As an offensive security engineer, you will oversee end-to-end execution including planning, reconnaissance, vulnerability identification and exploitation, detailed technical and executive reporting, technical remediation and tracking for closure.

What you’ll be working on

• Perform adversarial simulations on both internet and internal assets, including wireless, web application, API, cloud and containers
• Evaluate the efficacy of existing detection and mitigation mechanisms and identify gaps in visibility, data, tools, and processes
• Perform penetration testing against SurveyMonkey assets and implement tools that help complete security assessments and red/blue teaming engagement
• Engage and educate engineering teams on penetration testing findings and application security best practices to help improve application security posture
• Review design proposals and threat models to ensure security is 'built in'
• Exploit vulnerabilities, document and track findings and work with various teams to improve the security of both our products and us.

We’d love to hear from people with

• 5+ years of experience conducting application security assessments and penetration tests
• Experience planning & performing web application, cloud and network penetration testing assessments
• Knowledge of server (Linux, Windows) and client (Windows, OS X, Linux) operating systems
• Knowledge of attack surfaces for applications, enterprise systems and services
• Experience in at least one of PHP, Python, Ruby, or Java
• Experience with bug bounty programs
• Experience gaining the trust of others through honesty, integrity, and authenticity

SurveyMonkey believes in-person collaboration is valuable for building relationships, fostering community, and enhancing our speed and execution in problem-solving and decision-making. As such, you will be required to work from a SurveyMonkey office for up to 1 day per week.

#LI - Hybrid

Why SurveyMonkey? We’re glad you asked 

SurveyMonkey is a place where the curious come to grow.  We’re building an inclusive workplace where people of every background can excel no matter their time zone. At SurveyMonkey, we weave employee feedback and our core values into everything we do to create forward-looking benefits policies, employee programs, and an award-winning culture, including our annual holiday refresh, our annual week of service, learning and development opportunities like Curiosity Week, and our C.H.O.I.C.E Fund. 

Our commitment to an inclusive workplace

SurveyMonkey is an equal opportunity employer committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, veteran status, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities.