Senior Staff Engineer - Security Engineer

  • Full-time
  • Service Region: Mexico

Company Description

We are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at scale — across all devices and digital mediums, and our people exist everywhere in the world (19000+ experts across 33 countries, to be exact). Our work culture is dynamic and non-hierarchical. We are looking for great new colleagues. That is where you come in!

Job Description

We are looking for a senior security professional with experience performing security testing (pen testing) of applications and cloud environments, who can articulate the findings in an easily consumable manner to the various internal stakeholders.

You should have exposure to working as a security advisor/consultant for client organizations.

The capability to think out of the box and work as a security advisor for the client organization is key to this role.
 

    Qualifications

    Must have Skills: Penetration Testing, Vulnerability Management, Cyber Risk Consulting.

    Overall 8+ years of experience in the cyber security domain.

    4-5 years of experience in application security testing of web & mobile applications (Android + iOS), API and infrastructure (cloud + network + server).

    Should have at least 3 years of experience in a security consulting role, working as a consultant and/or advisor to the client.

    Thorough knowledge of the OWASP framework and testing guide.

    Hands-on knowledge of pen testing, red team exercises, and bug hunting.

    Knowledge of scripting (e.g. in Python, PowerShell, JavaScript) to write automation scripts & PoCs.

    Knowledge of SSO and OAuth 2.0 flows.

    Should be able to perform assessments to detect open shares and non-compliant AD accounts.

    Should be well versed with the following tools: Burp Suite, Postman, VirtualBox, Kali Linux, Metasploit, Android Studio (AVD), Scripting, Tenable, AWS, Azure and GCP, DAST and SAST solutions, Snowflake and data modeling concepts.

    Good to have skills:

    • Security certifications i.e. OSCP, OSWE, CCSP are a plus.
    • Experience of cloud security.
    • Exposure to SIEM and SOC side of security ecosystem.
    • Working experience in an advisory/consulting role for the CISO organization.
    • Exposure to DB scripting, data extraction and dashboarding will be a key advantage.
    • Should be good at performing security testing of the following: web applications, APIs, mobile applications (Android + iOS), infrastructure (server + network), AWS, Azure, and GCP environments.
    • Pen Testing and Red team exercises against assigned target scope.
    • Write automation & PoC scripts from time to time.
    • Pentest Identity Provider (IdP) integrated applications with SSO and OAuth.

    Good To Have Skills: Snowflake, Database Design - General Experience
