Lead Offensive Security Engineer (REMOTE - Palo Alto, CA)
Skyflow
Palo Alto, CA, USA
Posted on Monday, September 13, 2021
<h4> <strong>Lead Offensive Security Engineer (Red/Purple Team) (REMOTE - Palo Alto, CA)</strong> </h4> <p> <strong>About Skyflow:</strong> </p> <p> <span style="font-weight:400;">We are Skyflow, a Silicon Valley startup that has built the world’s first data privacy vault delivered as an API. Our mission is to transform how businesses handle and protect their users’ financial, healthcare, and personal information — the data that powers our digital economy. Inspired by the zero trust data vaults that Apple and Netflix built to handle customer data, we've built a cloud-based vault that is available through a simple and elegant API. With Skyflow, developers can easily build best-of-breed data privacy, security and compliance directly into their applications, the same way they use Stripe, Twilio, or Okta.</span> </p> <p> <span style="font-weight:400;">Skyflow is based in Palo Alto California, with offices in Bangalore, India, and team members working from locations all around the world. We have former Executives and Leaders from the likes of Salesforce, Google, Twilio, and Oracle. Come join us!</span> </p> <h4> <strong>About the role:</strong> </h4> <p> <span style="font-weight:400;">As the Lead Offensive Security Engineer</span> <span style="font-weight:400;">, you will collaborate and lead the area with the responsibility of validating the security posture of Skyflow's Infrastructure, and Application and Security controls. The team enhances existing service offerings & security testing capabilities and conducts hands-on technical testing, focused on identification of complex vulnerabilities in all infrastructure and products. The candidate must also have the ability to communicate well, motivate and lead cross-functionally as well as be an independent individual contributor, and participate in coordinating response and defensive actions over a variety of security disciplines, and finally, disseminate technical information as appropriate in support of Skyflow's critical business, go to market, and operational infrastructure needs.</span> </p> <p> <span style="font-weight:400;">We know great Offensive Security Engineers come from diverse backgrounds so no single individual may have all the desired skills on day one. But if you are the kind of software engineer who would have loved to engineer security solutions for enterprise platform offerings - we want to talk to you.</span> </p> <p> <strong>Qualifications:</strong> </p> <ul> <li style="font-weight:400;"><span style="font-weight:400;">7+ years of conducting Offensive Security Testing (i.e. Red Teaming, Purple Teaming, Threat Intelligence, Penetration Testing, and Product Testing)</span></li> <li style="font-weight:400;"><span style="font-weight:400;">3+ years in leadership role</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Experience designing a program and creating Standard Operating Procedures, Rules of Engagement, Testing Methodologies</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Experience conducting advanced penetration testing exercises (Network, Web Application, Mobile and Cloud)</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Experience reporting findings and developing pragmatic recommendations with the product ecosystem in mind</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Experience emulating advanced adversarial Tactics, Threats, and Procedures (TTPs)</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Experience with offensive tools and platforms such as Kali Linux, Cobalt Strike, Metasploit, Covenant, Sliver, Bloodhound, Ghostpack, Nmap, Nessus, Zmap, Massscan, EyeWitness, Burp Suite</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Experience with infrastructure automation, server administration, TCP/IP networking, vulnerability identification and exploitation, vulnerability exploit code development, offensive security operation coordination and communication, vulnerability tracking and remediation, cross functional collaborations</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Effective communicator with experience working in a fast-paced dynamic environment, where prioritization is key to success</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Any of the following industry certifications are nice to have: OSCP, CRTO, OSEP, OSED, OSMR, OSEE, OSWE, OSWP, GPEN, GCIH, GWAPT, GDAT or GXPN</span></li> </ul> <p></p> <p> <strong>Responsibilities:</strong> </p> <ul> <li style="font-weight:400;"><span style="font-weight:400;">Systematically analyze each component of an application with the intent of locating programming flaws that could be leveraged to compromise the software through source code review or reverse engineering</span></li> </ul> <ul> <li style="font-weight:400;"><span style="font-weight:400;">Leverage war gaming to simulate security incidents, observe response across monitoring and incidents, and identify enhancement opportunities</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Develop after action reports to help justify this investment and use the results to hone strategies for the overall organization</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Make contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, blogs, publications, speaking at conferences, etc.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Execute Red Team engagements in a variety of networks using real-world adversarial Tactics, Techniques, and Procedures (TTPs) from conception to report delivery</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Conduct open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, lateral movement, install persistence in a target network(s), and manage C2 infrastructure</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Develop payloads, scripts and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Document identified vulnerabilities and research corrective/remediation actions in order to recommend a risk mitigation technique(s)</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Maintain knowledge of applicable Red Team policies, Standing Ground Rules, regulations, and compliance documents</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Communicate effectively with team members and during an engagement</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Keep current with TTPs and the latest offensive security techniques</span></li> </ul> <p> <strong>Benefits:</strong> </p> <ul> <li style="font-weight:400;"><span style="font-weight:400;">Work from home expense (U.S., Canada, and Australia)</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Excellent Health, Dental, and Vision Insurance Options (Varies by Country)</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Vanguard 401k</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Very generous PTO</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Flexible Hours</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Generous Equity</span></li> </ul> <p> <span style="font-weight:400;">At Skyflow, we believe that diverse teams are the strongest teams. We invite applicants of all genders, races, ethnicities, nationalities, ages, religions, sexual orientations, disability statuses, educational experiences, family situations, and socio-economic backgrounds.</span> </p> <p> <span style="font-weight:400;"> <strong data-stringify-type="bold">Pay:<br><br><em data-stringify-type="italic">A base salary range of $150,000 - $240,000 can be expected for this role in the San Francisco/Bay Area. </em>You could also be entitled to receive an additionalincentive bonusor variable pay, equity, and benefits.<br><br>Skyflow operates from a place of high trust and transparency; we are happy to disclose the pay range for our open roles that best align with your needs.<strong>Exact compensation may vary based on skills, experience, education, and location.</strong></strong> </span> </p>
Skyflow is an equal opportunity employer.
See more open positions at Skyflow