Penetration Test Engineer (Remote) at CrowdStrike
About the Role:
Good at breaking things? Have a strong passion for security best practices? This job is for you! This position is responsible for developmental and operational penetration testing for CrowdStrike assets, infrastructure and online properties.
This position requires someone with expertise in manual and automated web application penetration testing with the knowledge needed to breach security defenses. The ideal candidate will have at least two years of experience performing penetration tests using a mix of commercially available, open source and personally built tools. A solid understanding of network protocols, server and web application weaknesses is also needed.
The successful candidate will have strong communication skills and poses the ability to speak to all levels while working in a complex distributed cloud-based environment.
Perform comprehensive penetration testing assessments across the organization.
Manage the entire lifecycle of penetration testing findings from discovery, triage, advising, remediation, and validation.
Work with various different business units to perform penetration testing assessments on systems, infrastructure and applications before go live rollouts.
Work with third-party vendors to ensure they are meeting and adhering to the organization’s security requirements.
Examine public facing and internal web applications to discover security weaknesses which present undue security risk to the organization.
Examine systems and applications to assess the current security posture.
Manage penetration testing related tickets to drive remediation and ensure issues are on track to be completed within proper timelines.
Advocate for security best practices across the organization.
What You’ll Need:
Advanced knowledge of server and client operating systems.
Advanced knowledge of web application security issues and poses capabilities to assess common weaknesses including, but not limited to those within OWASP top 10.
Extensive computer skills and an understanding of networking, cryptography, web applications, databases, virtualization, containers, and wireless technologies.
Deep understanding of dynamic cloud environments and common security weaknesses related to the cloud.
Ability to prioritize impactful findings and drive items to remediation.
Experience working with Mac, Windows, Linux and/or other Unix-like variants.
Extensive understanding of TCP, UDP, HTTP, IP and other network protocols.
A detailed understanding of how to triage vulnerabilities using CVSS calculators and the ability to validate security related findings.
Possess the ability to work independently.
Proactive go getter attitude to solve challenging problems.
Stays up to date with current vulnerabilities and new attack techniques.
Ability to automate and script tasks using your preferred language (e.g. Golang, Python, Ruby, Rust, C, C++, BASH, etc.)
The ability to work with teammates across the organization in different time zones and maintain healthy working relationships.
Technical security certifications or academic background a plus.
CVEs or bug bounty rewards
Documented CTF writeups or victories
Professional group affiliations
Open Source project contributions
Experience conducting web application and web API penetration testing.
Experience working with bug bounty programs.
Experience executing effective email phishing campaigns with custom domains, website hosting, payload delivery, credential harvesting, antivirus bypass techniques, and additional components within this area.
Ability to utilize and write scripts against common web APIs (REST, SOAP).
Knowledge of cloud platforms and highly concurrent systems.
Knowledge of build pipelines and CI tools.
You’re a clear thinker and efficient communicator (i.e. written and verbal).
Ability to create elegant looking PowerPoints or Slide Decks.