Offensive Security Engineer (Mid level) – Penetration Testing (remote virtual home office)
Humana
Remote
January 28, 2023
Louisville, KY
We are seeking experienced Penetration Testers to join our growing team. Generally, we are looking for candidates with 1+ years of Cyber Security experience with a focus on penetration testing or red teaming to join our Enterprise Information Protection organization on the Cyber Threat Simulation team. The successful candidates will play a key role in assessing our cloud, mobile, API, website, and security controls, as well as building custom tools to assist in automating workloads and focusing on strategic initiatives to mature the organization at large.
The Offensive Security Engineer within the Cyber Threat Simulation - Penetration Testing team is responsible for the execution, reporting, and read out of offensive security activities including penetration testing, remediation validation, and security control assessments. This role will work closely with development teams and senior leadership to ensure understanding of reported vulnerabilities and high-level mitigations.
Responsibilities
Performing white and grey box penetration testing against web applications, APIs, mobile applications, thick clients, and network infrastructure.
Conducting penetration testing in varying environments, including Amazon Web Services (AWS), Azure, GCP, and on-premises systems.
Communicating and consulting using common software security issue classes and remediation techniques from the OWASP Top 10, SANS 25, MITRE ATT&CK, and other industry standard sources
Conducting remediation validation for issues uncovered during penetration testing, vulnerability disclosure, and adverse events
Analyzing vulnerabilities and delivering clear and coherent written reports identifying vulnerabilities and providing mitigation recommendations
Developing scripts for use during offensive security operations using Python, PowerShell, C, or C++
Qualifications
Required:
A bachelor’s degree (or higher) in an engineering or computer science related field or commensurate experience and credentials
1+ years of security experience, preferably with experience in offensive security, engineering, or operations
Preferred:
A breaker’s mindset: Can you bend software, services, or processes to your will as an attacker? Can you harness that into a cohesive product that helps the organization grow?
Self-accountability and organization: No one likes micromanagement. As a senior engineer, you should be able to independently manage and execute complex work that spans teams within Humana, aligns to the Penetration Testing team’s overall objectives, and informs future operational improvements.
Strong notetaking and documentation skills
Detail-oriented research and troubleshooting
Communication: We’re all remote, which requires intentionality around communication with the team. Our unique function also requires the ability to explain complex topics or attacks to a variety of audiences. We want to see you’re up to the task.
Strong technical base: You don’t need to know it all, but you should know enough to accomplish common tasks and know what questions to ask when you can’t. This includes efficient research skills to quickly find and implement new information in support of operational and team needs. Some things we’d like to see:
Hands-on certifications such as OSCP, OSCE, CEPT, GPEN, GXPN, CRTOP, CPT, eJPT, eCPPT, eWPT, eWPTX, and/or PEH
Web application, thick client, mobile, and API penetration testing experience
Ability to read and understand code to assist with pinpointing vulnerabilities and locating edge cases
Wisdom to know when to push harder and when to ask questions, particularly around scope and rules of engagement
Experience building scripts and tools to assist in performing more advanced attacks
Reporting: More goes into an engagement than just hacking all the things. We’d like to see your written communication skills and your ability to interact with stakeholders such as developers, leadership, and beyond.
Giving Back: Knowledge kept to ourselves isn’t very useful. We look for ways that you’ve given back to the community, like contributing to open-source projects or sharing security information, and ways you’ve helped your prior team(s) grow by sharing knowledge you’ve gained.
Scheduled Weekly Hours
40