Senior Penetration Tester
Remote or NYC / Engineering – Security
We are looking for a talented penetration tester with experience in a Red Team role to help us build security into our services, fortify our defenses and protect the systems that enable hungry people to order their food quickly and securely.
We want people who are passionate about penetrating systems, from reconnaissance to exploitation to post-exploitation analysis. You should be comfortable balancing ethical hacking, development, source code analysis, reverse engineering, infrastructure testing, threat modelling and red teaming activities. We are looking for a team member who enjoys the challenge of penetrating a wide variety of technology platforms and protocols and partnering with software engineers to ensure it never happens again.
What You'll Be Doing
- Penetration testing of web applications, native apps and other systems
- Design and code reviews of new systems and features
- Coaching and collaborating with engineers to build in security and privacy by design
- Threat modelling as needed
- Providing stakeholders with concise, well-written penetration reports as needed
- Coordinating and tracking penetration testing and vulnerability assessment remediations
- Conducting Red Team exercises to evaluate and improve processes and technologies, including application design, threat detection, incident response, patching, vulnerability remediation, secure development training and user training
- Partnering with Blue Team on a daily basis to manage risk as threats evolve
- Optimizing various security technologies
- Collaborating with other engineering and business teams as needed
- Educating and influencing employees on security and coaching junior team members
- Ensuring security policies and standards are understood and complied with
- Working with PCI and SOC auditors to provide evidence of compliance
- Assisting with third party software and provider due diligence
- Continuing to develop your skills, knowledge and capabilities
- Contributing to security strategy, policies and standards
What We'll Expect From You
- Previous Penetration Testing, Red Team or Application Security experience
- Proficient with common attack tools, vulnerability assessment and static inspection tools. Examples include Burp, SET, Metasploit, Nmap, Nessus and Coverity.
- Deep knowledge of information technology, evolving threats, attack patterns, incident response and cyber security standards
- Adept at collaborating with software engineers to build security and privacy during design and development.
- Experience using proven secure development frameworks and industry best practices. Examples include OWASP Top 10, SANS Top 25 and Microsoft SDL.
- Proven experience partnering with Blue Teams to lower risk.
- Proficient in bypassing and tuning security technologies. Examples include Anti-Malware, Intrusion Detection System (IDS), Data Leak Prevention (DLP), File Integrity Monitoring (FIM), Firewalls, Security Information and Event Monitoring (SIEM), Multi Factor Authentication (MFA), Web Proxies and Web Application Firewalls (WAF).
- Familiarity with AWS security best practices and Infrastructure-as-Code
- 5+ years of Information Technology experience with a focus on Security
- Strong English writing and verbal communication skills
- Legal right to work in the U.S.
Nice to Have
- Published CVEs
- Experience as a Software Engineer
- PCI, SOC, ISO or CSC20 experience
- OSCP, CEH, GWAPT, GPEN, GCIH, or similar certification
What's Important to Olo
- Our families come first. We know they make us who we are and they are who we live and work for every day.
- Olo is our extended family. We’re in this together, fighting for one another. We’re happy to be here. We will not let one another down.
- We learn from and fight through setbacks. We recognize and help one another with direct feedback.
- We care about you. We offer 20 days of paid time off, fully paid health, dental and vision care premiums, stock options and a generous parental leave plan.
- We value diversity. At Olo, we know a diverse and inclusive team not only makes our products better, but our workplace better. Many groups are consistently underrepresented across the tech sector and we are fully committed to doing our part to move the needle.
- Learn more about our culture, values, and mission: https://www.olo.com/images/culture.jpg
Olo is committed to the well-being of candidates, employees and our community. The Olo NYC Headquarters will be closed for the foreseeable future because of the global outbreak of COVID-19. While an in-person interview is typical for many roles at Olo, we will conduct interviews via video conferencing while our HQ is closed. Olo benefits from the fact that over half of our workforce is remote; we are therefore accustomed to conducting interviews via video conferencing and anticipate no impact on our recruiting timelines. We encourage candidates to share any concerns or questions with Olo’s recruiting team.
Olo powers digital ordering and delivery programs that connect restaurant brands to the on-demand world, placing orders directly into the restaurant through all order origination points – from a brand’s own website or app, third party marketplaces, social media platforms, smart speakers, and home assistants. Olo serves as the on-demand ordering and delivery platform for over 300 brands, such as Applebee’s, Checkers & Rally’s, Cheesecake Factory, Chili’s, Dairy Queen, Denny’s, Five Guys Burgers & Fries, Jamba Juice, Noodles & Company, Portillo’s Hot Dogs, Shake Shack, sweetgreen, Wingstop, and more. Learn more at www.olo.com.
Olo's headquarters is located on the 82nd floor of One World Trade Center. We offer great benefits, such as 20 days of Paid Time Off, fully paid health, dental and vision care premiums, stock options, a generous parental leave plan, and perks like FitBits, rotating craft beers on tap in our kitchen, and food events featuring our clients' menu items (now you know why we give out FitBits!). Check out our culture map: https://www.olo.com/images/culture.jpg
We encourage you to apply!
Olo is an equal opportunity employer and diversity is highly valued at our company. All applicants receive consideration for employment. We do not discriminate on the basis of race, religion, color, national origin, gender identity, sexual orientation, pregnancy, age, marital status, veteran status, or disability status.
If you like what you read, hear, and/or know about Olo, and want to be a part of our team, please do not hesitate to apply! We are excited to hear from you!