As a member of our team, you will be responsible for planning and delivering in depth security assessments across a variety of products and services.
What We'll Give You
- A team of very skilled and diverse personnel across the globe
- Ability to work in a flexible work from home arrangement
- Exposure to mind blowing large-scale cutting-edge systems
- The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day
- Develop new skills and competencies working with our vast cloud product offerings
- Ongoing extensive training and skills development to further your career aspirations
- Incredible benefits and company perks
- An organization filled with smart, enthusiastic, and motivated colleagues
- The opportunity to impact and improve our systems and delight our customers
Nice to Have
- Experience working in a large cloud or Internet software company
- Proficiency with one or more programming languages, preferably Go, Java, Python or C/C++
- Ability to perform manual source code reviews in one of the aforementioned languages, or assisted review with code analysis tools such as CodeQL
- Experience navigating and working with extremely large codebases is also highly desirable
- Experience using common security assessment tools and techniques in one or more the following categories:
- Proficiency in performing mobile application assessment (iOS / Android)
- Reverse Engineering (e.g. IDA Pro/Ghidra/Radare2) and debugging codebase with the objective to find security gaps/vulnerabilities
- Proficiency in Fuzzing (e.g. Jazzer/AFL/Peach) techniques to inject invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities.
- Proficiency in advanced Mobile, API, Infrastructure, Web Application penetration testing to find vulnerabilities such as insecure Java/PHP/PHAR deserialization, XXE, HTTP desynchronization, cryptography weaknesses (exploiting ECB Shuffling, CBC Bit Flipping and etc.), Mass assignments, template injections, HTTP/2 and HTTP/3 protocol issues and etc.
- Knowledge of common vulnerabilities in different types of software and programming languages, including:
- How to test for/exploit them
- Real world mitigations that can be applied
- Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10)
- Ability to threat model systems/applications/platforms to assess design and find flaws that can be exploited
Career Level - IC3
