Medallia’s mission is simple: to create a world where companies are loved by customers and employees alike. Hundreds of the world’s best-loved brands trust Medallia’s Software-as-a-Service application to help them capture customer feedback everywhere the customer is (on the phone, in store, online, mobile), understand it in real-time, and deliver insights and action everywhere—from the C-suite to the frontline—to improve their performance. Founded in 2001, Medallia is growing quickly with more than 1000 employees globally in Silicon Valley, New York, London, Paris, Sydney, Buenos Aires, and Tel Aviv.
Some of the biggest names in Global 2000 organizations rely on Medallia to drive business innovation and customer experience. As Medallia becomes a trusted partner to organizations across the globe and spanning several industry verticals, it is more important than ever that we continue to stay a step ahead in securing our applications, services and data.
Medallia’s security team is responsible for the security of the overall Medallia platform and global infrastructure. We are looking for someone with exceptional technical expertise who understands multi-tenant SaaS environments, heterogeneous infrastructure environments, and microservices, and who has excellent communication skills.
The objective of the Sr. Product Security Engineer - Red Teaming position is to think like an attacker and use your wit, intuition, and broad technical skills to perform internal and external ethical hacking to help Medallia proactively identify and address weaknesses in its global corporate and production environments.
This position will also drive Engineering security policies and practices, assist the Security Operations team in honing its incident response capability, and work with Engineering teams to evolve the company’s security mindset and skillset.
- Identify and maintain an inventory of sensitive corporate assets, and apply a risk-based approach to selecting targets for red teaming activities.
- Coordinate and lead ethical hacking against Medallia’s corporate and production networks, across all layers of the stack (e.g., network, OS, application).
- Use tools, frameworks, scripts, and ingenuity to mount complex ethical attacks against Medallia’s entire attack surface.
- Perform vulnerability management (logging tickets to help Engineering teams address discovered vulnerabilities).
- Provide training to Engineering teams, to help them avoid security problems before they’re introduced.
- Contribute to application/system design reviews, to address potential security issues early in the implementation lifecycle.
- Keep current on new and evolving attack techniques and vulnerabilities in emerging technologies.
- May require non-standard work hours from time to time, in order to achieve a successful covert exercise.
- 3-5 (5+ preferred) years of experience performing security assessments, vulnerability management and penetration testing
- Not afraid of taking ownership of projects and driving resolution without close supervision
- Proven skills in ethical exploitation of networks, operating systems, and web applications
- Thorough working knowledge of ethical hacking tools (e.g., Kali Linux, Nessus, Nmap, Burp Suite, Metasploit)
- Solid working security knowledge of Amazon Web Services (AWS), Active Directory, LDAP, SMTP, Java web applications
- Independent problem-solving capabilities and excellent communication skills
- Docker containerization and orchestration (e.g., Mesos, Aurora, ZooKeeper, Docker Hub)
- Continuous Integration/Deployment (CI/CD) systems (e.g., Jenkins, Artifactory) and associated security properties
- Mobile application hacking
- Reverse engineering
- Proficiency with Python, Ruby, or other scripting languages
At Medallia, we don’t just accept difference - we celebrate it and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. Equal opportunity and consideration are afforded to all qualified applicants and employees. We won't unlawfully discriminate on the basis of gender identity or expression, race, ethnicity, religion, national origin, age, sex, marital status, physical or mental disability, Veteran status, sexual orientation, and any other category protected by law.
Medallia is committed to working with and providing reasonable accommodation to applicants with disabilities in accordance with the Americans with Disabilities Act and state disability laws.