Job description

Responsibilities

• Perform in-depth penetration testing and vulnerability assessments on large-scale distributed systems developed in C++, Python, and Go.

• Discover and exploit vulnerabilities in containerized environments including Docker, Kubernetes, and related platforms.

• Collaborate with development teams to integrate secure coding practices and threat mitigation strategies throughout the SDLC.

• Design, build, and maintain security testing tools to automate detection of common and complex vulnerabilities.

• Participate in threat modeling, design reviews, and code reviews to identify potential security risks early in the development process.

• Act as a security advisor to engineering teams within the Runtime Platforms group, supporting secure architecture and implementation decisions.

• Document security issues, findings, and recommendations clearly and effectively for both technical and non-technical audiences.

• Stay current with emerging security threats, industry trends, and mitigation techniques.

• Support incident response efforts, including forensic investigations and root cause analysis of security breaches.

• Engage with the internal Tech Risk team to ensure alignment with corporate security policies and regulatory requirements.

• Develop and deliver internal security training programs tailored to engineering teams.

Basic Qualifications

• Strong programming skills in C++ (preferred), with additional experience in Python and/or Go.

• Proven experience conducting penetration testing and vulnerability assessments on complex, distributed systems.

• Deep knowledge of Linux internals and networking fundamentals (e.g., TCP/IP, routing, DNS, firewalls).

• Hands-on experience with container security, including Docker, Kubernetes, and orchestration tools.

• Familiarity with common security tools, frameworks, and techniques used in offensive and defensive security.

• Strong analytical and troubleshooting skills with the ability to navigate large, unfamiliar codebases.

• A holistic approach to security risk analysis and the ability to make informed trade-offs.

• Excellent communication skills and the ability to explain technical security concepts to diverse audiences.

Preferred Qualifications

• Industry certifications such as OSCP, CEH, or CISSP.

• Experience with cloud security (AWS, GCP, Azure) and securing infrastructure-as-code environments.

• Proficiency in security automation and orchestration tools (e.g., SOAR platforms).

• Contributions to open-source security tools or communities.

• Familiarity with industry security standards and frameworks such as NIST, OWASP, or CIS Benchmarks.

• Knowledge of reverse engineering, malware analysis, and dynamic/static code analysis.

• Background in incident response, including digital forensics and post-incident analysis.