Lead Offensive Security Engineer (Product)

Career Opportunity:

• Join an industry with massive socio, economic, and political importance in the 21st century
• Work alongside some of the best and the brightest minds in the security industry
• Work with prominent clients and help them solve hard security problems
• Leave an indelible mark on a company where individual input has real impact
• Align your career trajectory with a hyper growth company that is on the move

Core Responsibilities:

• Lead the technical execution of challenging offensive security projects for our customers
• Identify nuanced vulnerabilities in advanced systems
• Develop custom methodologies, payloads, exploits, and tools to ensure project success
• Develop documentation for novel mitigation strategies to emerging or undocumented security risks identified in client environments
• Develop comprehensive reports and presentations for our customers
• Serve as a mentor to other engineers in their technical and professional development
• Collaborate with the security community to develop novel attack techniques, tactics, and procedures (TTPs) through Praetorian’s Security Blog and other forms of community engagement

Desired Qualifications:

• Demonstrated passion for cybersecurity
• PNPT, BSCP, OSCP, or OSWE certifications
• BS in Computer Science, Engineering, Mathematics, or Physics or equivalent experience
• 5+ years of experience in at least four of the following:
  • Product Security Testing (Application, Mobile, LLM)
  • Cloud Security (AWS, Azure, GCP)
  • Web Application Penetration Testing
  • IoT Security (Embedded, Firmware, Wireless)
  • Secure Code Review
  • Reverse Engineering 
  • Vulnerability Research/ Exploit Development
• Experience developing payloads, exploits or tools
• Understanding of threat models, attack paths and intelligence considerations within the scoping of technical projects 
• Ability to write technical reports and present technical findings both internally and externally
• Experience with startup and/or high-tech companies

+1 Qualifications:

• Prior security consulting experience
• Software or web application development experience in multiple languages
• Experience with cutting edge technology stacks and modern security technologies
• Advanced technical knowledge in any of the following:
  • Exploit development beyond Windows and for MacOS X or Linux 
  • Reverse engineering malware, data obfuscators, or ciphers
  • Software maturity models such as OpenSAMM, BSIMM, and SDL
  • Identity technologies for Azure AD, Auth0, Firebase, OKTA, or Google Identity
  • Secrets management such as Hashicorp Vault and cloud native KMSs
  • Containerization technologies such as Docker and registry platforms such as DockerHub, ACR, ECR, & GCR
  • Orchestration technologies such as Kubernetes and cluster management platforms such as AKS, EKS, & GKE
  • Command and control channel frameworks and deployment
  • Automotive security, ICS/SCADA, Network device security, Medical device security, Home automation security, and/or cryptocurrency wallet security
  • Hardware RE, software RE, firmware analysis, embedded cryptography, wireless protocols, Software-defined radio, glitching, side-channel analysis, and/or IoT PaaS and similar technologies
• Capture-the-flag, CCDC, CPTC or other security related competitions
• Ranked achievements on testing platforms such as Hack the Box, Tryhackme, Portswigger, Proving Ground and similar 
• Pursuit of advanced learning opportunities via security training courses, conferences, personal projects and similar 
• Track record in vulnerability research and CVE assignments
• Security community experience via presentations, conference attendance, blogs, white papers and similar 
• OSCE, OSEP, OSED, CRTO, cloud certifications and similar 
• Ability to travel up to 15% to support client engagements

Desired Behaviors:

• Fanatical passion for cybersecurity and the challenges it presents
• Customer centric focus with an obsessive need to wow and delight each client
• Ability to maintain high levels of output and work ethic
• Personable individual who enjoys working in a team-oriented environment
• Self-starter and independent learner that is able to spin up quickly

• Competitive salary
• Employee stock option plan
• Annual budget for training, certifications, and conferences
• Competitive coverage on health, dental, and vision insurance premiums
• 4% company 401K matching vested immediately