Lead Offensive Security Engineer (Product)

Posted:
8/6/2024, 5:18:27 AM

Location(s):
California, United States ⋅ Berkeley, California, United States

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Software Engineering

Workplace Type:
Remote

Company Overview:

At Praetorian, we are bringing together the world's brightest minds in pursuit of solving the cybersecurity problem by reducing the friction of security and enabling the next wave of technological innovation. From projects that range from cryptocurrency exchanges to autonomous vehicles and from medical device platforms to space telescopes, we apply expertise and engineering to help secure our customers. 

Checkout our new hire survival guide for more information on Praetorian's mission, vision, values, and culture as well as our benefits and perks here

Career Opportunity:

  • Join an industry with massive socio, economic, and political importance in the 21st century
  • Work alongside some of the best and the brightest minds in the security industry
  • Work with prominent clients and help them solve hard security problems
  • Leave an indelible mark on a company where individual input has real impact
  • Align your career trajectory with a hyper growth company that is on the move

Core Responsibilities:

  • Lead the technical execution of challenging offensive security projects for our customers
  • Identify nuanced vulnerabilities in advanced systems
  • Develop custom methodologies, payloads, exploits, and tools to ensure project success
  • Develop documentation for novel mitigation strategies to emerging or undocumented security risks identified in client environments
  • Develop comprehensive reports and presentations for our customers
  • Serve as a mentor to other engineers in their technical and professional development
  • Collaborate with the security community to develop novel attack techniques, tactics, and procedures (TTPs) through Praetorian’s Security Blog and other forms of community engagement

Desired Qualifications:

  • Demonstrated passion for cybersecurity
  • PNPT, BSCP, OSCP, or OSWE certifications
  • BS in Computer Science, Engineering, Mathematics, or Physics or equivalent experience
  • 5+ years of experience in at least four of the following:
    • Product Security Testing (Application, Mobile, LLM)
    • Cloud Security (AWS, Azure, GCP)
    • Web Application Penetration Testing
    • IoT Security (Embedded, Firmware, Wireless)
    • Secure Code Review
    • Reverse Engineering 
    • Vulnerability Research/ Exploit Development
  • Experience developing payloads, exploits or tools
  • Understanding of threat models, attack paths and intelligence considerations within the scoping of technical projects 
  • Ability to write technical reports and present technical findings both internally and externally
  • Experience with startup and/or high-tech companies

+1 Qualifications:

  • Prior security consulting experience
  • Software or web application development experience in multiple languages
  • Experience with cutting edge technology stacks and modern security technologies
  • Advanced technical knowledge in any of the following:
    • Exploit development beyond Windows and for MacOS X or Linux 
    • Reverse engineering malware, data obfuscators, or ciphers
    • Software maturity models such as OpenSAMM, BSIMM, and SDL
    • Identity technologies for Azure AD, Auth0, Firebase, OKTA, or Google Identity
    • Secrets management such as Hashicorp Vault and cloud native KMSs
    • Containerization technologies such as Docker and registry platforms such as DockerHub, ACR, ECR, & GCR
    • Orchestration technologies such as Kubernetes and cluster management platforms such as AKS, EKS, & GKE
    • Command and control channel frameworks and deployment
    • Automotive security, ICS/SCADA, Network device security, Medical device security, Home automation security, and/or cryptocurrency wallet security
    • Hardware RE, software RE, firmware analysis, embedded cryptography, wireless protocols, Software-defined radio, glitching, side-channel analysis, and/or IoT PaaS and similar technologies
  • Capture-the-flag, CCDC, CPTC or other security related competitions
  • Ranked achievements on testing platforms such as Hack the Box, Tryhackme, Portswigger, Proving Ground and similar 
  • Pursuit of advanced learning opportunities via security training courses, conferences, personal projects and similar 
  • Track record in vulnerability research and CVE assignments
  • Security community experience via presentations, conference attendance, blogs, white papers and similar 
  • OSCE, OSEP, OSED, CRTO, cloud certifications and similar 
  • Ability to travel up to 15% to support client engagements

Desired Behaviors:

  • Fanatical passion for cybersecurity and the challenges it presents
  • Customer centric focus with an obsessive need to wow and delight each client
  • Ability to maintain high levels of output and work ethic
  • Personable individual who enjoys working in a team-oriented environment
  • Self-starter and independent learner that is able to spin up quickly
Compensation & Benefits:
  • Competitive salary
  • Employee stock option plan
  • Annual budget for training, certifications, and conferences
  • Competitive coverage on health, dental, and vision insurance premiums
  • 4% company 401K matching vested immediately 

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire. 

We are committed to an inclusive and diverse Praetorian.  We are an equal opportunity employer.  We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

Praetorian

Website: https://www.praetorian.com/

Headquarter Location: Austin, Texas, United States

Employee Count: 101-250

Year Founded: 2010

IPO Status: Private

Last Funding Type: Series A

Industries: Cloud Security ⋅ Cyber Security ⋅ Enterprise Software ⋅ Network Security ⋅ Penetration Testing ⋅ Security ⋅ Software Engineering