Penetration Test Engineer
CrowdStrike
Additional Responsibilities:
- Perform comprehensive penetration testing assessments across the organization.
- Manage the entire lifecycle of penetration testing findings, from discovery through triage, advising, remediation, and validation.
- Work with various business units to perform penetration testing assessments on systems, infrastructure and applications before go-live rollouts.
- Work with third-party vendors to ensure they are meeting and adhering to the organization’s security requirements.
- Examine public-facing and internal web applications to discover security weaknesses that present undue security risk to the organization.
- Examine systems and applications to assess the current security posture.
- Manage penetration-testing-related tickets to drive remediation and ensure issues are on track to be completed within proper timelines.
- Advocate for security best practices across the organization.
What You’ll Need:
- Advanced knowledge of server and client operating systems.
- Advanced knowledge of web application security issues and the capability to assess common weaknesses including, but not limited to, those within the OWASP Top 10.
- Extensive computer skills and an understanding of networking, cryptography, web applications, databases, virtualization, containers, and wireless technologies.
- Deep understanding of dynamic cloud environments and common security weaknesses related to the cloud.
- Ability to prioritize impactful findings and drive items to remediation.
- Experience working with Mac, Windows, Linux and/or other Unix-like variants.
- Extensive understanding of TCP, UDP, HTTP, IP and other network protocols.
- A detailed understanding of how to triage vulnerabilities using CVSS calculators and the ability to validate security-related findings.
- Possess the ability to work independently.
- Proactive, go-getter attitude to solve challenging problems.
- Stays up to date with current vulnerabilities and new attack techniques.
- Ability to automate and script tasks using your preferred language (e.g. Golang, Python, Ruby, Rust, C, C++, BASH).
- The ability to work with teammates across the organization in different time zones and maintain healthy working relationships.
- Technical security certifications or academic background a plus.
- CVEs or bug bounty rewards
- Documented CTF writeups or victories
- Professional group affiliations
- Open Source project contributions
Bonus Points:
- Experience conducting web application and web API penetration testing.
- Experience working with bug bounty programs.
- Experience executing effective email phishing campaigns with custom domains, website hosting, payload delivery, credential harvesting, antivirus bypass techniques, and additional components within this area.
- Ability to utilize and write scripts against common web APIs (REST, SOAP).
- Knowledge of cloud platforms and highly concurrent systems.
- Knowledge of build pipelines and CI tools.
- You’re a clear thinker and efficient communicator (i.e. written and verbal).
- Ability to create elegant-looking PowerPoints or slide decks.
Benefits of Working at CrowdStrike:
- Market leader in compensation and equity awards
- Competitive vacation policy
- Comprehensive health benefits + 401k plan
- Paid parental leave, including adoption
- Flexible work environment
- Wellness programs