Staff Security Engineer - Penetration Testing / Ethical Hacking
Cohesity is on a mission to radically simplify how organizations secure and manage their data, while unlocking limitless value. As a leader in data security and management, we make it easy to secure, protect, manage and derive value from data—across the data center, edge, and cloud. At Cohesity, we're a group of builders and go-getters who are committed to doing the right thing. We encourage you to come as you are, as our differences make us stronger.
We’ve been named a Leader by multiple analyst firms and are prominently featured in the Forbes Cloud 100 and CRN’s Coolest Cloud companies.
Join us and we'll lead the way together.
About This Role:
We are actively seeking Security Engineers to join our team. As part of our Security Engineering team, you will be responsible for enabling Secure Product release at the speed of the development team, and continuously improving Cloud and SaaS posture. The role will serve as a Cloud Security specialist in the areas of cloud architecture design, cloud security, access management, security automation, logging and monitoring, endpoint security, network security, and incident handling. Working closely infrastructure and release engineering team to automate and cloud security workflow and
You will also ensure we’re in lock step with product engineering and develop our DevSecOps enabled security services. Engaging with other teams and communicating with stakeholders will be a regular part of the job. We’re looking for an individual who’s motivated by technology, enjoys automation, and problem-solving.
Have significant hands on penetration testing experience and offensive capabilities in numerous core competency areas including web applications,, infrastructure, containers and distributed systems
Having very in depth understanding of exploiting OS and Web Services
Threat Modeling and Pen Testing of Cloud security Infrastructure & services
Have a mature understanding of coverage and risk as an outcome of pen-testing as it relates to product security posture and business needs
Provide guidance on short term mitigation and effective resolutions
Track and research the latest developments in vulnerability research
Have the ability to develop or adapt custom tooling to solve new needs
Build relationships with engineering teams to drive Cohesity products to a mature security state
Perform Security training and outreach to internal development tools.
B.S. or M.S. in Computer Science, Electrical Engineering or related experience
7+ years experience in web and System services level penetration testing
Strong understanding of vulnerabilities, common attack vectors and how to resolve them
Ability to quickly comprehend and digest application/systems designs
Attacker mindset ability to think creatively about relevant threats and attacks
Ability to organize and lead others in a pen test through an attack plan on complex application and systems designs
Well-rounded background in application, network, and system security
Familiarity with public cloud platforms (preferably AWS)
Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications
Experience in Pen Tester with OSCP certification and active in bug bounty
REST API Security testing for Authentication and Authorizations
Able to automate API Testing with Burp+Postman
Threat Modeling and design reviews
Deep understanding of Cloud Security fundamentals (Cloud networks and Cloud-based Systems), including cryptography and the shared responsibility model
Experience working in a regulated environment (SOC, ISO, PCIDSS, HIPAA, etc.)
Strong Application Security system security, Infrastructure security knowledge
Data Privacy Notice for Job Candidates:
Equal Employment Opportunity Employer (EEOE)
Cohesity is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law.
Cohesity may require employees who enter its offices to be fully vaccinated against the COVID-19 virus and to provide documented proof thereof. Cohesity will comply with applicable law regarding the reasonable accommodation of individuals who are not vaccinated because of a sincerely held religious belief, disability or medical condition. This vaccination requirement does not apply to employees who work remotely and do not enter Cohesity offices.
Something looks off?