Job Description
The Product Security Engineer (Penetration Testing) is responsible for conducting security pen testing, monitoring, and auditing within a dynamic global organization. The products under test cover embedded devices and cloud services. The Product Security Analyst should have exposure to embedded devices as well as cloud services (Azure/AWS). Some of the products will be white box tests while others will be total black box engagements. A successful penetration tester will be able to take the product, evaluate the weak points in its design and implementation, and focus on those weaknesses to find security gaps under the guidance of senior engineers and testing leads. The tester should clearly document the findings and analysis and prepare a detailed report.
Required Skills & Experience
* Bachelor's Degree in Information Technology, Computer Science or related field is highly desirable.
* Additional advanced security qualifications such as OSCP (Offensive Security Certified Professional) certification, CEH (Certified Ethical Hacker) or equivalent preferred.
* Five or more years (5+ years) of experience in information, application, or embedded product security and/or IT risk management.
* Two or more years (2+ years) of pentesting experience
* Solid understanding of security protocols, cryptography, authentication, authorization, and security
* Good working knowledge of current IT risks and experience implementing security solutions
* Ability to interact with a broad cross-section of personnel to articulate and enforce security measures
* Excellent written and verbal communication skills as well as business acumen
* Strong ability to establish partnerships, influence change, and achieve results within a dynamic environment
* Meaningful technical contributions into the development lifecycle of an application, product, or service
Nice to Have Skills & Experience
o Understanding and development experience of embedded systems / software, and web-based applications
o Linux network device driver/data-path performance exposure
o Familiarity with compilers, debuggers, disassemblers, and other low-level development and analysis tools
o Exposure to binary analysis tools such as IDA Pro, WinDbg, Binwalk, Valgrind, PIN, PANDA and S2E
o Working knowledge of hacking tools and techniques such as memory corruption exploits, rootkits, protocol poisoning, browser-based attacks, DNS poisoning, Metasploit, Nmap, Nessus, etc.
o An understanding of common cryptographic algorithms and protocols including their weaknesses and attacks against them
o Understanding of network protocols and experience developing packet-level programs
o Understanding of common microcontroller programming tools and debugging interfaces
o Exposure to Layer 2, Layer 3 networking, QoS
o Knowledge of common malware/botnet exploits and how they are targeted to exploit embedded systems
o Operating system configuration of Windows, Linux, Android, and iOS
o Computer boot process including boot loaders
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.