• You have at least 5+ years of experience as an engineer with a Bachelor’s degree; or 3 years of experience with an advanced degree. Instead of a degree, 8+ years of relevant experience may suffice
• Experience in Red/Blue teaming teaming activities and automation
• Prior experience managing security tooling infrastructure and configuration
• Industry standard certifications like OSCP/OSCE/CEH, CISSP, CWAD
• Experience or knowledge about Payments or Financial Services and associated compliance requirements
• Understanding of cloud computing architecture
• Demonstrated experience creating positive team and cross-team dynamics
• Strong analytical and problem-solving skills that enable navigation of complexity, uncertainty, risks and issues
• Expert-level knowledge in threat modeling methodologies such as STRIDE or PASTA and their applied use in fast-moving, iterative development lifecycles
• Experience in working with static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools
• Knowledge of cloud native technologies including containers, Kubernetes, and services provided by AWS, GCP, and Azure
• Knowledge of OWASP ASVS, SCVS, and related verification standards
• Ability to work independently or with a team, under minimum supervision
• Proven ability to apply technical concepts to solve complex business challenges
• Ability to network with key stakeholders across multiple teams to influence outcomes through well-articulated thoughts, strong presentation skills, and pragmatic solutions
• Understand ownership and support positive outcomes
• Remain constructive under pressure, with a flexible working style

Desirable

• We are looking for a Staff Adversarial Engineer with a passion for Product Security and a deep expertise in Penetration Testing
• The ideal candidate will be excited about an opportunity to heavily contribute to the penetration testing, security architecture reviews and security best practices in cloud
• Initiate and lead all phases of penetration tests and red team activities, including Scoping, Planning, Communications, and Execution of key activities (Reconnaissance, Vulnerability identification, Exploitation, and Reporting)
• Conduct penetration tests across Web applications, APIs, Mobile applications, infrastructure, cloud environments, and devices
• Conduct red team engagements across complex environments (including operational technologies)
• Experience in Supply Chain Security Risks identification and management
• Liaison compliance driven web application penetration tests with external vendors
• Triage vulnerability reports submitted to our Bug Bounty program – includes tracking and responding to submissions, coordinating with teams to triage and resolve issues, and providing feedback to security researchers
• Engagement with Core Engineering leads to ensure timely risk remediation
• Work closely with development teams to design and implement strategies for enhanced shift-left security within the SSDLC
• Take a role in the definition of relevant product security architecture strategies, roadmaps, policies, standards, and procedures
• Maintain and update relevant solutions and tooling to support new business requirements while ensuring a consistent, compliant, and central service delivery
• Document operational procedures (such as those for deployments, breakglass plans etc.) as well as current state architecture and configurations
• Provide on-call rotation support to relevant services and tooling
• Provide subject matter expertise to project teams, and other audiences as needed
• Your Manager: Krantikishor Bora - Senior Manager, Product Security

• Application submission
• Recruiter phone call
• Hiring manager video call
• Virtual “Onsite” consisting of 4-5, 45 min calls
• Offer!