Offensive Security Engineer, Penetration Tester
California (St. Mary's) Design / Civil engineering / Industrial engineering
Job description
DESCRIPTION
Ring is looking for an Information Security Engineer, who has a background in performing both penetration testing and red team practices. This role is intended to help identify security risk in both Ring's cloud, product, services and enterprise technologies.
The candidate should be able to provide the to discover security risks, and work with technology partners to give consultation on best practices in regards to remediation. In addition, candidate should be able to perform threat modeling exercises as well as assist blue team efforts in creating use cases to analyze and respond to notable security events.
Responsibilities
· Will be responsible for coordinating penetration testing efforts executed by both internal and external researchers.
· Will audit, review, and perform security assessments of all major Ring cloud, product, and enterprise technologies.
· Perform grey and black box penetration testing as well as cyber threat emulation services.
· Perform goal-oriented red team engagements.
· Lead small teams and participating in project planning.
· Perform Red Team, Blue Team Operations
· Perform SAST based code review, to understand potential security weaknesses, for exploitation purposes.
· Perform scripting in Bash, Python, Ruby, etc.
Desired profile
BASIC QUALIFICATIONS
· Bachelor's degree in computer science, or equivalent training and experience.
· 3+ years of experience performing both penetration testing and red team engagements.
· 1+ years of expereince with at least one of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards.
· Knowledge of common Web Application vulnerabilities like XSS, CSRF, and others.
· 2+ years of experience in several of the following tools: Metasploit Framework, Qualys, Burp, and the Social Engineering Toolkit.
· 2+ years of experience in networking, systems and modern cloud architectures.
· 2+ years of experience and knowledge of Windows and Unix/Linux operating systems.
· 2+ years of experience in OS and platform hardening best practices on modern cloud compute infrastructure.
· 2+ years of experience performing network and packet level forensics, host discovery, and reconnaissance in both cloud and enterprise environments.
· 2+ years of experience with common video/content streaming transport protocols.
· 2+ years of experience with HTTP, and the various security assessment technologies associated.
· 2+ years of experience with Oauth2, SAML, and general IDP technologies.