Principal Security Engineer
Bengaluru - India - Bengaluru, 560071 India; Remote - Remote
Atlassian
Atlassian's team collaboration software like Jira, Confluence and Trello helps teams organize, discuss, and complete shared work.
Overview
Atlassians can choose where they work – whether in an office, from home, or a combination of the two. That way, Atlassians have more control over supporting their family, personal goals, and other priorities. We can hire people in any country where we have a legal entity. Interviews and onboarding are conducted virtually, a part of being a distributed-first company.
Role Specifics
Do you love penetration testing, application security and uplifting programs and capabilities? We’re looking for a principal Security Testing Engineer to work closely with the Security Testing Manager to build the Security Testing team and capability. You will be the Technical SME, drive process improvements, and equip the team with the latest tools, techniques and methodologies to find meaningful vulnerabilities which off-the-shelf tools won’t.
As the principal Security Testing Engineer you will be responsible for penetration testing and manual code review across Atlassian’s vast footprint. You will lead others to validate the state of Atlassian’s technical security, working closely with our security teams and leadership groups.
More about our team
We are a growing security team committed to protecting the security of our customers and of Atlassian itself. You will be part of the Security Testing team whose mission is to partner with internal teams to provide innovative and holistic security testing solutions to secure Atlassian products, platforms and customers.
Our Security Testing team:
Love pen testing & code review
Enjoy working together
Love sharing knowledge (and learning from others)
Have great communication skills
Are keen to contribute to the efforts of a larger security team
Enjoy building as much as breaking
Responsibilities
This role supports Atlassian’s security team, Engineers and Customers by providing world class technical assurance of our software, platforms and services through high quality manual penetration testing and code review. The principal security testing engineer will be responsible for establishing and growing a team of penetration testers based out of our Bangalore office.
Role Experience
Day-to-day this person will be:
Providing SME knowledge and guidance to a team of pen testers/code reviewers
Continuing to mature pen testing/code review workflows
Identifying and recruiting top-class penetration testing talent
Supporting and guiding the growth of an India-based penetration testing team
Analysing vulnerability data for trends and gaps in controls
Biggest challenges: staying current; maturing talent; managing pipeline; recruiting top-tier talent
Early Success
Identifying significant vulnerabilities in Atlassian products prior to production deployment
Building contacts in the Atlassian engineering team, product team and security team
Building and leveraging existing contacts to identify potential talent to join the team
Establishing testing processes in the local team that complement and extend existing processes
Identifying insights which contribute to strategic investments
Maturing holistic security testing plays/processes
Future Success
You will have established a team of 5-7 highly talented penetration testers
The team will be fully integrated with the global team in providing high-quality testing
You will work hand-in-glove with your peers to proactively identify where security testing can be applied to new and existing product features and development pipelines
Qualifications
6+ years penetration testing experience in a consultancy, dedicated internal pentesting team, or similar offensive security function
2+ years experience as an offensive security team lead
Strong experience in white-box application security testing; bonus if in Java
Full stack application security technical experience
Delivery focused
Experience mentoring junior penetration testers
On your first day, we'll expect you to have:
The ability to complete a penetration test and code review of a modern cloud application
Experience leading security teams on complex penetration testing engagements
Strong, practical understanding of security testing methodologies, supporting infrastructure requirements and legal considerations
Strong collaboration and communication skills when working closely with deeply technical development and infrastructure teams
Worked in a principal penetration testing/application security role
Strong application security experience
Experience with program development and uplift
Affinity for growing teams and helping people succeed
It's great, but not required, if you have:
CVEs to your name
Contributions to open source security or penetration testing tools
Delivered industry presentations
Public write-ups or blogs of vulnerabilities you have identified
Certifications, notably: OSWE, OSCP, OSCE, or CREST CRT, or GPEN
Comfortable operating in AWS, Azure, and/or GCP
Our perks & benefits
Atlassian offers a wide range of perks and benefits designed to support you, your family and to help you engage with your local community. Our offerings include health and wellbeing resources, paid volunteer days, and so much more. To learn more, visit go.atlassian.com/perksandbenefits.
About Atlassian
At Atlassian, we're motivated by a common goal: to unleash the potential of every team. Our software products help teams all over the planet and our solutions are designed for all types of work. Team collaboration through our tools makes what may be impossible alone, possible together.
We believe that the unique contributions of all Atlassians create our success. To ensure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. All your information will be kept confidential according to EEO guidelines.
To provide you the best experience, we can support with accommodations or adjustments at any stage of the recruitment process. Simply inform our Recruitment team during your conversation with them.
To learn more about our culture and hiring process, visit go.atlassian.com/crh.
Tags: Application security AWS Azure Cloud CREST Full stack GCP GPEN Java Offensive security Open Source OSCE OSCP OSWE Pentesting Vulnerabilities
Perks/benefits: Career development Health care Startup environment