Information Security Engineer Lead (Red Team) at Netskope – Saint Louis, Missouri, United States

About Netskope

Today, more data and users are outside the enterprise than inside, causing the network perimeter as we know it to disappear. We realized that a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network, and Data Security.

Since 2012, we’ve built the leading cloud security company and an award-winning culture, driven by hundreds of employees across offices in Santa Clara, St. Louis, Bangalore, London, Melbourne, Taipei, and Tokyo. Our core values are openness, honesty, and transparency, and we’ve purposefully designed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events (pre- and hopefully post-Covid) and professional groups like Awesome Women of Netskope (AWON), we strive to keep work fun, supportive, and interactive. Visit us at Netskope Careers. Follow us on LinkedIn and Twitter @Netskope.

Overview of the track

The Netskope Global Information Security organization is seeking a Security Engineer to serve in Red Team and Offensive Security Operations. This role leads the team that assesses Netskope products and cloud services from a holistic security perspective. A successful candidate should have strong offensive technical skills and be able to identify security vulnerabilities and make recommendations for them across multiple technologies and environments.

Roles and Responsibilities

  • Acting as an SME for offensive security technical areas
  • Perform comprehensive security assessments of targets including, but not limited to, web and mobile applications, containers, k8s, thick clients, and cloud environments
  • Perform triage and implement SAST, DAST and SCA processes
  • Communicate and collaborate with multiple stakeholders such as engineering, SRE, and QA for security initiatives
  • Provide support for compliance with regulations such as FedRAMP and PBMM
  • Support junior team members in writing reports and issues and assist with day-to-day operations
  • Support and recreate proofs of concept based on security reports
  • Support the PSIRT (Product Security Incident Response Team)
  • Automate daily red team tasks

Qualifications/Requirements

  • Over 6 years of experience in penetration testing, application security and red teams in highly diversified and fast-growing organizations
  • Understanding of application frameworks and how to address security and security pitfalls with them
  • Proven expertise and track record in web and mobile application penetration testing (Web, Mobile, API/Web Services) – DAST and SAST
  • Experience in leading a team of 3-5 members in the security testing domain
  • Must have experience with Burp Suite Professional, Metasploit, Tenable, sqlmap and Nmap tools
  • Experience with regulatory compliance such as FedRAMP and PBMM
  • Experience in developing exploits and vulnerability tooling, both pre- and post-exploitation and lateral movement
  • In-depth knowledge of the OWASP Top 10 Web and Mobile vulnerabilities, and how to identify, exploit and remediate them
  • Good knowledge of TCP/IP and other application and network protocols
  • Ability to write and issue reports on assigned application and system scans
  • Good exposure to cloud service providers such as AWS, GCP and other SaaS applications
  • Experience automating security tasks using Python or another scripting language
  • Must be able to think “outside the box” and possess the ability to devise and implement new attack approaches/vectors
  • Must hold a relevant university degree and/or professional qualifications/certification (e.g. CEH, OSCP, CISSP)
  • Excellent written and oral communication skills
  • Self-motivated, curious, well-informed about news and current events


Netskope is committed to implementing equal employment opportunities for all employees and applicants for employment. Netskope does not discriminate in employment opportunities or practices on the basis of religion, race, color, sex, marital or veteran status, age, national origin, ancestry, physical or mental disability, medical condition, sexual orientation, gender identity/expression, genetic information, pregnancy (including childbirth, lactation and related medical conditions), or any other characteristic protected by the laws or regulations of any jurisdiction in which we operate.

Netskope respects your privacy and is committed to protecting the personal information you share with us. For more information, please see Netskope’s Privacy Policy.
