Offensive Security Engineer, Penetration Tester (Remote)
Santa Monica, CA
IT / Security
Ring is looking for an Information Security Engineer, who has a background in performing both penetration testing and red team practices. This role is intended to help identify security risk in both Ring's cloud, product, services and enterprise technologies.
The candidate should be able to provide the to discover security risks, and work with technology partners to give consultation on best practices in regards to remediation. In addition, candidate should be able to perform threat modeling exercises as well as assist blue team efforts in creating use cases to analyze and respond to notable security events.
- Will be responsible for coordinating penetration testing efforts executed by both internal and external researchers.
- Will audit, review, and perform security assessments of all major Ring cloud, product, and enterprise technologies.
- Perform grey and black box penetration testing as well as cyber threat emulation services.
- Perform goal-oriented red team engagements.
- Lead small teams and participating in project planning.
- Perform Red Team, Blue Team Operations
- Perform SAST based code review, to understand potential security weaknesses, for exploitation purposes.
- Perform scripting in Bash, Python, Ruby, etc.
- Bachelor’s degree in computer science, or equivalent training and experience.
- Minimum of three (3) years of experience performing both penetration testing and red team engagements.
- Strong familiarity with at least one of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards.
- Must have an understanding of common Web Application vulnerabilities like XSS, CSRF, and others.
- Ability to
- Technical Skills proficiency: encryption technologies/standards, IAM, PAM
- Must be proficient in several of the following tools: Metasploit Framework, Qualys, Burp, and the Social Engineering Toolkit.
- Understanding of networking, systems and modern cloud architectures.
- Must have solid working experience and knowledge of Windows and Unix/Linux operating systems.
- Experience in OS and platform hardening best practices on modern cloud compute infrastructure.
- Ability to perform network and packet level forensics, host discovery, and reconnaissance in both cloud and enterprise environments.
- An understanding of common video/content streaming transport protocols.
- A strong understanding of HTTP, and the various security assessment technologies associated.
- Knowledge of Oauth2, SAML, and general IDP technologies.
- Software development or scripting background to create proof of concept or exploitation scenarios.
- Experience leading small teams and mentoring junior staff in an open and positive manner
- Experience on Embedded Linux Device Drivers for ARM based devices.
- Experience with data analysis solutions and SQL engines.
- History of build, and automation engineering and design.
- Understanding of AWS cloud compute architectures and micro-services.
- Usage of Jira, Confluence, and modern enterprise applications.
Ring's mission is to reduce crime in neighborhoods and empower consumers by creating a Ring of Security around homes and communities with its suite of smart home security products: Ring Video Doorbell, Ring Video Doorbell Pro, Ring Stick Up Cam, Ring Floodlight Cam, and the new Alarm Security systems. With these security devices, Ring has created the neighborhood watch for the digital age and continues to keep homes around the world safe. For more information, visit www.ring.com. With Ring, you're always home.
Ring LLC is proud to be an equal opportunity employer - Minority / Women / Disability / Veteran / Gender Identity / Sexual Orientation