- Las Vegas, NV
We are currently seeking a Penetration Tester to join our Security Risk Assessment Team. The ideal candidate will possess a deep understanding of attack surfaces in modern applications and operating systems. Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools. Additionally, the ideal candidate will be able to demonstrate exceptional organizational skills, work efficiently under minimal supervision, be able to deliver results that meet or exceed expectations, be a strong team player, and actively participate in a fast-paced and challenging global environment.
Work remotely temporarily due to COVID-19
What you’d be doing:
- Discovers and exploits vulnerabilities affecting Zappos/Amazon infrastructure.
- Develops and maintain tools to assist in vulnerability research and exploit development.
- Communicates information security procedures to the business.
- Escalate issues to vendors, security team, and engineering through standard escalation processes.
- Provide technical expertise and advice on all areas of security technology, including: network security, platform security, authentication/authorization systems, application security, security architecture, policy enforcement, and security frameworks.
- Integrates information security controls into an environment to identify risks and reduce impact.
- Participate in or work directly on, additional projects, assignments or initiatives as required.
What you’d bring to the table:
- 3+ years of Information Security experience.
- 2+ years direct or equivalent experience in areas of penetration testing, exploit development, vulnerability research and fuzzing.
- Extensive knowledge of MITRE ATT&CK Framework.
- Experience performing host, network, and web application penetration tests.
- Scripting experience with the ability to develop custom scripts, exploits, and tools.
- Experience with common penetration testing tools.
- Experience developing detailed penetration testing reports that can speak to multiple audience types.
Preferred experience that really excites us:
- Bachelor of Science in Computer Science, Computer Engineering, or Electrical Engineering or a related technical field or equivalent professional experience.
- Experienced programming using x86/x64 assembly C, C++, and Python (or a comparable scripting language).
- Familiar with the Metasploit framework.
- Source code review for control flow and security flaws.
- Possess excellent communication skills in English, both written and verbal.
- Excellent problem solving skills with the ability to diagnose and troubleshoot technical issues.
- Experience with AWS technologies and services (e.g. S3, Lambda, EC2, KMS, IAM, etc.)
- Experience with penetration testing, red teams, CTF (Capture The Flag), or bug bounties
- Experience with penetration testing tools.
- Experience with multiple programming languages.
- OSCP, OSCE, GPEN, GXPN, or relevant industry certification.
Back to top