Senior Offensive Security Engineer
The We Company’s Offensive Operations Team is seeking Senior Red Teamers to help keep WeWork secure and safe from attackers. Our team in New York is growing, and we want talented engineers, such as yourself, to join our mission!
This role has a broad scope, ranging from triaging vulnerabilities from bug bounties, attacking WeWork’s services and infrastructure, and working with various Blue teams and service owners to improve our detective and response capabilities. This role presents an ultimate test of ones security knowledge and ability, along with the challenge of leading highly skilled individuals as you understand and deconstruct systems throughout WeWork. This position will provide you with challenging opportunities, both technologically and as a leader, but will also be a great deal of fun if hacking WeWork sounds exciting to you.
A Security Engineer at WeWork is expected to be strong in multiple domains. Engineers in this role will work closely with teams throughout Information Security, such as the Security Operations Center (SOC), Infrastructure Security and Application Security teams. Additionally, you will leverage the knowledge you gain about WeWork to find new ways to break software, infrastructure and processes throughout the company.
Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as you discover, invent and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping WeWork and its customers secure.
- Assist in building a world class Offensive Operations team at WeWork.
- Lead other engineers in Red Team engagements occurring throughout WeWork with few limits and restrictions.
- Conduct full cycle engagements with business units independently, or as part of a team.
- Perform manual examination of client systems, web sites and networks to discover weaknesses.
- Thoroughly document exploit chain/proof of concept scenarios for stakeholder consumption.
- Communicate findings and discoveries to influence stakeholders to prioritize and execute remediation plans.
Desired Skills and Experience
- Experience in conducting red team engagements from an adversarial/threat perspective, working with offensive TTPs (Tactics, Techniques and Procedures)
- BS in Computer Science or related field, or equivalent work experience
- 8+ years in an Information Security role, preferably in red teaming, penetration testing, or other offensively-focused security roles
- Advanced knowledge and understanding in various disciplines such as security architecture and engineering, system and network security, authentication and security protocols, cryptography, and application security
- Experience with interpreted or compiled languages: Python, Ruby, C/C++, Java, C#
- Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs
- Experience with various testing tools, such as Metasploit, Nmap, Nessus, Burp Suite, etc.
- Strong sense of ownership, urgency, and drive