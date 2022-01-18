Qualifications:
- 4+ years experience in software security.
- Bachelors degree in Computer Science or similar field or equivalent work experience is desirable
- Role relevant qualifications, i.e., Security Testing.
- 3+ years of proficiency in at least 1 scripting programming language, familiarity with Java, and familiarity with Python
Requirements:
- Passionate about internet security issues and the threat landscape for popular software & services
- Candidate must possess good oral and written communication skills.
- Experience with the design and implementation of technical security controls.
- Experience performing or supporting Red Team engagements with an understanding of a holistic assessment
- Experience with full-stack (Linux / Unix) software architectures from UI to infrastructure.
- Experience with serverless architectures, and common virtualization techniques (hypervisors/containers/jails) and escapes/exploits from these environments.
- Experience with micro-service, API-based agent, or service-oriented software architectures.
- Operations experience with CI/CD development or managing distributed systems
- Web service assessment experience with authentication controls, session management, access controls, logic flaws, injection vulnerabilities, request smuggling, cloud privilege escalation, DOS attacks
Responsibilities:
- Contribute to the design, implementation, and execution of security review and test methodologies for the testing of the company services. Ensuring remediation of risks by partnering with service teams.
- Perform a rolling security review across the estate by penetration testing and red teaming on production systems
- Scope and perform real-life attack scenarios to test and measure the company detection capability and at the same time determine detection thresholds, silent to noisy.
- Work with development teams across the company to create comprehensive security tooling and functional improvements at scale.
- Assist with Incident Response if and when called upon and validate that detective and preventative technology approaches work on the newest threats.
- Be a mentor for other members in the team