Responsibilities:
Have significant hands on penetration testing experience and offensive capabilities in numerous core competency areas including web applications, mobile applications, networks, Multi tier architecture or Distributed Systems
Having very in depth understanding of exploiting OS and Web Services
Threat Modeling and Pen Testing of Cloud security Infrastructure & services
Have a mature understanding of coverage and risk as an outcome of pen-testing as it relates to product security posture and business needs
Provide guidance on short term mitigation and effective resolutions
Track and research the latest developments in vulnerability research
Have the ability to develop or adapt custom tooling to solve new needs
Build relationships with engineering teams to drive Cohesity products to a mature security state
Perform Security training and outreach to internal development tools.
Requirements
B.S. or M.S. in Computer Science, Electrical Engineering or related experience
7+ years experience in application level penetration testing
Strong understanding of vulnerabilities, common attack vectors and how to resolve them
Ability to quickly comprehend and digest application/systems designs
Attacker mindset ability to think creatively about relevant threats and attacks
Ability to organize and lead others in a pen test through an attack plan on complex application and systems designs
Well-rounded background in application, network, and system security
Familiarity with public cloud platforms (preferably AWS)
Effective written and verbal communication
Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications
Relevant development/scripting/automation experience in C++, Javascript, Python, Go
Experience in Pen Tester with OSCP certification and active in bug bounty
REST API Security testing for Authentication and Authorizations
Able to automate API Testing with Burp+Postman
Threat Modeling and design reviews
Experience in working with Go, C++ , Node, JavaScript
Deep understanding of Cloud Security fundamentals (Cloud networks and Cloud-based Systems), including cryptography and the shared responsibility model
Experience working in a regulated environment (SOC, ISO, PCIDSS, HIPAA, etc.)
Strong Application Security system security, Infrastructure security knowledge
--
You must verify your mobile number to apply to this job.