Vaga de Offensive Security Engineer
1 vaga: | Publicada em 17/04
- A Combinar
Sobre a vaga
What skills do I need?
Advanced background in Offensive Security (Red Team active participation);
Strong understanding of vulnerabilities, common attack vectors and how to
solve/fix them;
A great eye to identify/analyze attacks on company assets and also simulate
internal/external attacks (Ethical Hacker mindset);
Well-rounded background in host, network and application security (Web, API and
Mobile);
Huge familiarity with threat analysis (malware, phishing, social engineering,
etc);
Attacker mindset ability to think about creative threats and attack vectors;
Knowledge in tailored reconnaissance, weaponization, exploitation and lateral
movement;
Know-How of Threat modeling in a cloud environment;
Experience with common security tools including but not limited to:
Nmap, SQLmap, Metasploit, Kali Linux (OS), Burp Suite, Qualys/WAS, ZAP Proxy,
Prowler, Censys/Shodan and others;
Familiarity with implementation and maintenance of SAST/DAST/IAST sensors;
In-depth knowledge of OWASP10, SANS25 and other world-known security frameworks;
Understanding of a complete SDLC and how to make it secured (S-SDLC)
Familiarity with Cloud platforms (AWS or equivalent);
Ability to lead people to problem resolution when it comes to Security (Integrate
teams, especially Engineering Team);
Effective written and oral communication involving both business and technical
sides of the business;
Quickly identify issues and solve them;
Ability to present technical risks to a broader audience (both written and
spoken);