P&G

Offensive Security Engineer, Penetration Testing

No salary information
Mid · Full-time · Umowa o pracę (employment contract)
#382162 · Added 3 days ago
Source: P&G

Tech Stack / Keywords

Security · Testing · Go · Cloud · Networks · IoT · AI · Cybersecurity

Company and position

The Information Security Protect organization at Procter & Gamble is responsible for conducting simulated exercises that realistically depict threat actor behaviors and scenarios to improve applications, systems, detection, and response capabilities across the enterprise.

Requirements

  • Bachelor’s degree or equivalent in Information Security, Cybersecurity, Computer Science, or related field, or 2+ years of equivalent experience.
  • 2+ years of experience in penetration testing, application security testing, vulnerability validation, or offensive security.
  • Ability to lead defined-scope penetration tests, manage execution, document results clearly, and escalate complex or high-risk issues.
  • Experience identifying, validating, and exploiting weaknesses in 2 or more domains such as web apps, APIs, mobile apps, cloud infrastructure, enterprise apps, databases, networks, servers, IoT, identity platforms, directory services, or AI-enabled systems.
  • Ability to automate tasks using scripting or programming languages such as Python, PowerShell, Bash, Go, C#, or JavaScript.
  • Basic Linux command-line experience and familiarity with Windows environments.
  • Ability to read and understand code to follow application behavior and identify security-relevant logic.
  • Basic hands-on experience with major cloud providers such as GCP, AWS, or Azure.
  • Adversarial mindset with the ability to think from an attacker’s perspective while following rules and safety.
  • Clear written and verbal communication skills to explain technical findings.

Preferred Skills:

  • Penetration testing or security certifications (e.g., OSCP, OSWE, GPEN, GXPN, GWAPT, PNPT, eJPT).
  • Experience with CTFs, Bug Bounty programs, Vulnerability Disclosure Programs, coordinated research, or public technical write-ups.
  • Experience using AI tools for reconnaissance, code review, vulnerability triage, payload development, reporting, or remediation.
  • Exposure to testing AI-enabled applications, LLM-based systems, AI agents, RAG systems, or model integrations.
  • Experience with mobile, IoT, embedded systems, firmware, reverse engineering, or hardware security testing.
  • Exposure to cloud and identity attack paths including SSO, MFA, OAuth, IAM, secrets exposure, conditional access, and privilege escalation.
  • Familiarity with tools such as Burp Suite, Nmap, Metasploit, Frida, Ghidra, IDA, BloodHound, or cloud security testing tools.
  • Curiosity, humility, and desire to improve technical depth, reporting quality, and testing consistency.

Responsibilities

  • Lead defined-scope penetration tests across websites, services, APIs, infrastructure, cloud environments, networks, IoT devices, mobile applications, and enterprise applications.
  • Partner with Intake Management, senior testers, and stakeholders to confirm objectives, access, rules of engagement, test assumptions, and engagement readiness.
  • Execute testing activities including reconnaissance, vulnerability discovery, exploitation, evidence collection, reporting, and remediation validation.
  • Identify, validate, exploit, and document security vulnerabilities while operating within approved scope.
  • Validate related vulnerabilities to demonstrate realistic impact and escalate complex attack chains as needed.
  • Test for control gaps and document weaknesses in preventative or detective controls.
  • Investigate and validate Vulnerability Disclosure Program and Bug Bounty findings, escalating complex or high-impact issues.
  • Collaborate with engineering, product, cloud, infrastructure, and security teams to explain findings and support remediation.
  • Use approved scripts, templates, automation, and AI-assisted workflows to improve efficiency, triage, reporting, and remediation validation.
  • Assist with testing AI-enabled applications for risks such as prompt injection, data exposure, insecure tool use, and authorization flaws.
  • Produce clear standardized reports with reproduction steps, evidence, impact, affected systems, and remediation guidance.
  • Contribute to team knowledge sharing, documentation, test notes, templates, and process feedback.

Benefits

  • P&G-sized projects and access to world-leading IT partners and technologies from Day 1.
  • Wide range of self-development possibilities including training and certification paths.
  • Competitive starting salary and benefits including private health care, P&G stock, saving plans, and sport cards.
  • Regular salary increases and potential promotions based on performance.
  • Opportunity to change role every few years to align with personal and company best interests.
  • Hybrid work model with option to work remotely two days a week and in-office for collaboration.
Health care
Sports card

Other information

Employment is exclusively based on "Umowa o Pracę" (Full-time Employment Contract). Apply only if you agree to these conditions. P&G is an equal opportunity employer, providing reasonable accommodations for individuals with disabilities during the application process.
