posted Jul 04

Staff Security Engineer - Pen Testing

AWS Azure Cloud Google Cloud Platform Java Kubernetes Python Ruby Rust Terraform Go expert

Job Location: Remote

Salary: $121,000 - $162,000 a year

Job Description

• Initiate and lead all phases of penetration tests and red team activities, including Scoping, Planning, Communications, and Execution of key activities (Reconnaissance, Vulnerability identification, Exploitation, and Reporting)
• Conduct penetration tests across Web applications, APIs, Mobile applications, infrastructure, cloud environments, and devices
• Conduct red team engagements across complex environments (including operational technologies)
• Experience in Supply Chain Security Risks identification and management
• Liaise with external vendors on compliance-driven web application penetration tests
• Triage vulnerability reports submitted to our Bug Bounty program – includes tracking and responding to submissions, coordinating with teams to triage and resolve issues, and providing feedback to security researchers
• Engage with Core Engineering leads to ensure timely risk remediation
• Work closely with development teams to design and implement strategies for enhanced shift-left security within the SSDLC
• Take a role in the definition of relevant product security architecture strategies, roadmaps, policies, standards, and procedures
• Maintain and update relevant solutions and tooling to support new business requirements while ensuring a consistent, compliant, and central service delivery
• Document operational procedures (such as those for deployments, breakglass plans, etc.) as well as current state architecture and configurations
• Provide on-call rotation support to relevant services and tooling
• Provide subject matter expertise to project teams and other audiences as needed

Qualifications

• You have 5+ years of experience as an engineer with a Bachelor’s degree, or 3 years of experience with an advanced degree. Instead of a degree, 8+ years of relevant experience may suffice.
• Experience in Red/Blue teaming activities and automation
• Prior experience managing security tooling infrastructure and configuration
• Industry standard certifications like OSCP/OSCE/CEH, CISSP, CWAD
• Experience or knowledge about Payments or Financial Services and associated compliance requirements
• Understanding of cloud computing architecture
• Demonstrated experience creating positive team and cross-team dynamics
• Strong analytical and problem-solving skills that enable navigation of complexity, uncertainty, risks and issues
• Expert-level knowledge in threat modeling methodologies such as STRIDE or PASTA and their applied use in fast-moving, iterative development lifecycles
• Experience in working with static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools
• Knowledge of cloud native technologies including containers, Kubernetes, and services provided by AWS, GCP, and Azure
• Knowledge of OWASP ASVS, SCVS, and related verification standards
• Ability to work independently or with a team, under minimal supervision
• Proven ability to apply technical concepts to solve complex business challenges
• Ability to network with key stakeholders across multiple teams to influence outcomes through well-articulated thoughts, strong presentation skills, and pragmatic solutions
• Understand ownership and support positive outcomes
• Remain constructive under pressure, with a flexible working style

Benefits

• Multiple health insurance options
• Flexible time off – take what you need
• Retirement savings program with company contribution
• Equity in a publicly-traded company and an Employee Stock Purchase Program
• Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave
• Free therapy sessions, financial and professional coaching, and legal advice
• Monthly stipend to support our remote work model
• Annual “development dollars” to support our people’s growth and development
