Offensive Security Lead
We are Duo, and we’re here to democratize security for everyone. Our mission is to protect the mission of our customers like Facebook, Twitter, and Etsy by making security simple. We’re a diverse crew of makers and builders, skaters and coders, filmmakers and DJs, teachers and students brought together by a shared belief in adding value to the world. This diversity allows us to bring an empathetic approach to solve some of the most complex global business and security challenges we face today.
What you’ll do…
- Develop and mature the Offensive Security program at Duo in cooperation with cross-organizational stakeholders and partners.
- Execute against three core deliverable areas:
  - Security Cartography (situational awareness, discovery)
  - Pentesting (goal-oriented, in cooperation with our AppSec and CloudSec teams)
  - Red Team Ops
- Collaborate with the Corporate Security teams to improve hardening and monitoring capabilities.
- Support the Application Security team in pentests where appropriate.
- Work directly with partners in IT and Production Engineering to identify and track changes in Duo’s risk profile.
Skills you have…
- You can successfully build and maintain cross-functional relationships.
- Significant penetration testing experience and offensive capabilities in numerous core competency areas, including web applications, networks, infrastructure (cloud and on-prem), native applications, and mobile applications.
- Ability to develop bespoke tooling to solve new needs (Python preferred).
- You are comfortable in a self-driven environment where, given a high-level goal, you can task out a path to success and execute accordingly.
Reasons why you should apply…
- You are passionate about helping people fix the problems you find.
- Breaking things is fun, but making things safer is more fun.
- Purple is your favorite color - you thrive off of collaboration with blue teams.
- You are looking for an opportunity to have significant ownership over a critical functional area within a security program.
This job may not be for you if...
- Your interest and experience are scoped to application security. Keep an eye out for job postings on our AppSec team at duo.com/careers.
- You are interested in risk management, but lack technical depth and pentesting skills. Take a look at our compliance postings at duo.com/careers.
- Your work ends after the touchdown dance and/or report. We need someone who is personally invested in engaging directly with the IT and product teams tasked to fix issues over the long term.