Penetration Test Engineer
Your dream job at CrowdStrike is waiting
Join the company now backed by Google Capital
Good at breaking things? This job is for you! This position is responsible for developmental and operational penetration testing for our product and all our online properties.
This position requires someone with expertise in manual and automated web application penetration testing with the knowledge needed to breach security defenses. The ideal candidate will have at least four years of experience performing penetration tests using a mix of commercially available, open source and personally built tools. A solid understanding of network protocols and of server and web application weaknesses is also needed. The successful candidate will also have good communication skills and will provide a high level of security expertise to the Company while working in a complex distributed IT environment.
- Integrate into SDLC process and perform regular penetration tests to detect flaws and aid in the correction of the design prior to deployment to production.
- Coordinate and conduct recurring internal and external white hat penetration tests and document results for all CrowdStrike assets.
- Develop and publish reports demonstrating regular remediation of issues raised in the course of penetration testing including trends over time.
- Perform ad-hoc penetration tests as directed in response to security breaches and/or pending attacks.
- Assess threats to the environment and provide input into security architectures and designs.
- Develop, research and maintain proficiency in tools, techniques, countermeasures and trends in computer and network vulnerabilities.
- Perform other duties as assigned.
- Bachelor’s degree in Computer Science, Management Information Systems, or work-related discipline/field from an accredited college or university. Equivalent field experience considered.
- 4+ years of experience preferred, with direct experience as a vulnerability engineer, technical auditor or penetration tester.
- Hands-on security experience pen testing web applications and network services to proactively discover flaws and track them to resolution.
- Experience using multiple languages (HTML, SQL, C++, Perl, Python, PHP or other) to manually exploit or confirm vulnerabilities and eliminate false positives from results.
- Must have the ability to understand and use the output of vulnerability scanners like Nessus and Rapid7 Nexpose as the basis for targeted web application penetration testing, and to use tools like Metasploit to verify that vulnerabilities actually exist and are exploitable.
- Must have the ability to understand, modify and use Proof of Concept (PoC) exploitation code created by others in C++ and C# as well as scripting languages like Python to perform extensive manual binary and scripting application and web penetration testing.
- Must have the ability to create Proof of Concept (PoC) exploitation code independently and explain the results to developers who can close vulnerabilities in our products.
- Deep understanding of OWASP Top 10 and CWE 25, with a proven track record and experience in implementing and integrating remediation strategies.
- Excellent understanding of web applications, web servers, frameworks and protocols with respect to application development and deployment.
- Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing.
- Extensive Windows, Mac, Linux and UNIX experience including deep knowledge of associated vulnerabilities, hardening techniques and strategies.
- Ability to communicate technical detail in succinct, fact-based business terminology, both verbally and in writing.
- Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product.
- Ability to use independent judgment to make sound, justifiable decisions and take action to solve problems.
- Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner.
- Ability to plan, organize and prioritize work independently and meet deadlines.
- Ability to work in a collaborative, team environment.
- GIAC Certified Penetration Tester and/or GIAC Certified Ethical Hacker certifications.
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.
Company Size: 201-500