|Location||San Diego, CA|
|Preferred GIAC Certifications||GPEN, GXPN, GWAPT, GCIH, GPYC|
|Contact Name||Derek Rook|
Job page and qualifications are written for a staff level candidate, but all candidates from mid to staff level are welcome. Position is for an internal offensive security team, working on site in San Diego, CA. Relocation benefits for remote candidates available.
Apply through the URL
Small internal team responsible for all offensive security activities, including product penetration testing (primary), network pen testing (black, grey, white, crystal, all of the boxes), red teaming, etc. Work closely with the defensive and development security teams to ensure remediation of findings, with a goal of zero repeat findings across multiples tests and products. Significant support from executives and significant interest from front line developers. Drive impact and change throughout the organization. Travel for work is rare (under 10%), though travel for training and conferences can be up to a couple weeks a quarter.
Interview process includes 5 hands on challenge questions for prescreen (should take 5-20 minutes), phone screen (2 for remote candidates), and a half day on site interview. On site interview includes a small (1 hour) CTF style challenge, lunch, and meeting with a few other members of the team. Interviews focus on practical hands on knowledge (some white board design/architecture discussions, NO white board programming), culture fit, and ability to work with the team (CTF is not closed book, work with the team).
- Excellent written and verbal communication skills
- Ability to communicate effectively with business representatives in explaining findings clearly and where necessary, in layman's terms
- Knowledge of networking fundamentals (all OSI layers)
- Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes
- Knowledge of software exploitation (web, client-server, and mobile) on modern operation systems. Familiarization with XSS, SSRF, filter bypassing, etc
- Ability to automate tasks using a scripting language (Python, Ruby, etc)
- Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
- Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
- Knowledge of conducting physical security penetration testing in small independent teams
- Knowledge of malware packing and obfuscation techniques
- Ability to perform targeted penetration tests without use of automated tools
- Ability to read multiple programming and scripting languages
- Strong attention to detail conducting analysis combined with an ability to accurately record full documentation in support of their work
- 5+ years in an offensive security position or 8+ years in security
- Advanced Penetration testing focused certifications preferred (OSCE, GXPN, GWAPT, eWPTX, ECPTX)