Senior Offensive Security – Cybersecurity Engineer at Liberty Mutual Insurance
We deliver our customers peace of mind every day by helping them protect what they value most. Our passion for placing the customer er of everything we do drives a transformational shift at Liberty Mutual. This role can be remote or located at one of our onsite locations. This opportunity requires strong knowledge of common security vulnerabilities and a keen interest in learning and advancing the tools, tactics, and techniques leveraged by the Offensive Security team.
This candidate will be a part of a highly skilled team and will:
Conduct application, cloud, network, and infrastructure penetration tests to identify and/or validate vulnerabilities and ns.
Design/build scripts, tools, or methodologies to enhance offensive capabilities.
Effectively communicate findings, s, and recommendations to technical and executive stakeholders through written reports and verbal presentations.
Collaborate with diverse business partners to ensure the impact of the risk is understood, managed, and remediated.
Able to take on special assignments that may require additional on-the-fly learning.
Ability to multi-task with various engagements that range in technical and non-technical capabilities. Participate in Purple Team activities with defenders in the organization, working collectively to develop defensive use cases rapidly.
2-7 years performing Offensive Security operations in an enterprise environment
Demonstrated expertise in Offensive Security such as: CVEs, bug bounties, CTFs, or independent security research
Certification such as: OSCP, OSWE ity to obtain within 6 months Excellent written, verbal, and interpersonal skills with the ability to adapt messaging to executive, technical, and non-technical audiences Preferred
Deep knowledge in at least one programming/scripting language (Python, C/C++, Power Shell, etc.)Experienced and skilled with the common tools associated with penetration testing (Metasploit, Burp Suite, Cobalt Strike, Bloodhound, Impacket Suite, etc)
Offensive Security experience in cloud technologies (AWS/Azure)
Exploitation and/or Off Sec research experience of containerization technologies Deep knowledge in analyzing and debugging API frameworks
Experienced in presenting technical analysis of security research or technical topics in the form of presentations, webinars, formal publications, white papers, sAbility to work autonomously, meet deadlines, and deliver impactful results.
At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That’s why we provide an environment focused on openness, inclusion, trust and respect. Here, you’ll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession. Liberty Mutual has proudly been recognized as a “Great Place to Work” by Great Place to Work US for the past several years.
We were also selected as one of the “100 Best Places to Work in IT” on IDG’s Insider Pro and Computerworld’s 2020 list. For many years running, we have been named by Forbes as one of America’s Best Employers for Women and one of America’s Best Employers for New Graduates—as well as one of America’s Best Employers for Diversity. To learn more about our commitment to diversity and inclusion
For Remote Senior Offensive Security – Cybersecurity Engineer roles, visit Remote Senior Offensive Security – Cybersecurity Engineer Roles
Security Technologist – Penetration Testing at Uber Driver Partners
Security Technologist – Penetration TestingSecurity Engineer, EngineeringNew York City, New York |
Seattle, Washington |
Los Angeles, California |
New York, New York
About the Role
Uber’s Product Security organization is looking for a penetration tester to join our security assessments team. As a member of our in-house pen-test team, your principle mission will be to conduct offensive pen-testing activities against our micro-services, applications, infrastructure and data-layer services. You will work closely with our engineering groups to define pen-test scope, lead assessment engagements, and map assessment findings into engineering plans of action for remediation, ultimately guiding our product security uplift activities. This is a unique opportunity for an experienced offensive pen-tester who is collaborative, and has a healthy sense of curiosity to join Uber Engineering Security to make real positive impacts to our security posture, and help us improve our security designs in our next-gen of systems and services.
What You Will Do
Conduct white-box and grey-box offensive penetration testing against Uber’s mobile applications, front-end & back-end microservices and web services
Conduct network infrastructure, Public Cloud (AWS and GCP), and data-layer offensive pen-testing
Perform mobile reverse engineering and/or mobile instrumentation of mobile application products as needed to deliver mobile security assessments.
Perform manual source code reviews and audits (manual and SCA/SAST code audits) as needed
Be a subject matter expert and ambassador to Uber Engineering for secure coding practices, penetration testing, mobile platform security and all aspects of application and product security
Perform any other application security or product security related activities or tasks as needed or directed
Validate 3rd party external pen-test
For Remote Security Technologist – Penetration Testing roles, visit Remote Security Technologist – Penetration Testing Roles