Penetration Tester (Senior Offensive Security Engineer)
The Offensive Security Team is responsible for planning and executing penetration tests, red-team scenarios and vulnerability research. We also perform realistic security exercises to simulate various attack scenarios and identify weaknesses in our infrastructure and products, helping to validate our detection and response capabilities.
Mimecast will provide a challenging environment, and we are seeking a highly motivated individual with in-depth, hands-on technical experience. The ideal candidate should be interested in challenges, proactive, and passionate about discussing findings with other teams.
We collaborate with other security teams to make sure all the infrastructure is secure.
What You’ll Bring:
· Proven penetration testing abilities, ability to carry out manual penetration tests
a. Experience manually reviewing web applications, where targeted source code reviews might be needed. Expert-level skills with testing tools including Burp Suite, nmap and sqlmap.
b. Review of Binary/thick client applications to hunt for potential security problems.
· Offensive/Red-team experience - knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
· Proven ability to test using programming/scripting languages.
· Review of operating systems and network security architectures, knowledge of either Linux, Windows or Mac OS internals.
· Ability to communicate the practical impact of vulnerabilities, build proof of concept code to exploit, define effective remediations, and liaise with developers to find a suitable solution.
· Excellent team-working skills and a "can do, let's get it done" attitude are crucial.
· Experience carrying out simulated adversary attacks to help identify gaps in detection and response capabilities.
· Basic knowledge of reverse engineering tools and techniques.
· Basic code-review skills; while we don't perform “quality checks”, the ability to discover new bugs from reading source code is very desirable.
· Expert knowledge in Windows and Linux system hardening concepts and techniques.
· Ethical hacking certifications such as OSCP, OSCE or CREST
· A working knowledge of email and mail related systems is a big bonus
· A degree in Computer Science with a strong security element or equivalent work experience
Activities typically outside the job scope:
· Managing vulnerability scanners
· Managing static code analysis tools
· Compliance security
· Extensive code reviews
Cybersecurity is a community effort. That’s why we’re committed to building an inclusive, diverse community that celebrates and welcomes everyone – unless they’re a cybercriminal, of course.
We’re proud to be an Equal Opportunity and Affirmative Action Employer, and we’d encourage you to join us whatever your background. We particularly welcome applicants from traditionally underrepresented groups.
We consider everyone equally: your race, age, religion, sexual orientation, gender identity, ability, marital status, nationality, or any other protected characteristic won’t affect your application.
Due to certain obligations to our customers, an offer of employment will be subject to your successful completion of applicable background checks, conducted in accordance with local law.