Offensive Security Engineer, Penetration Testing
No salary information provided
Mid · Full-time · Umowa o pracę (employment contract)
#382162 · Added 3 days ago
Source: P
Tech Stack / Keywords: Security, Testing, Go, Cloud, Networks, IoT, AI, Cybersecurity
Company and position
The Information Security Protect organization at Procter & Gamble is responsible for conducting simulated exercises that realistically depict threat actor behaviors and scenarios to improve applications, systems, detection, and response capabilities across the enterprise.
Requirements
- Bachelor’s degree or equivalent in Information Security, Cybersecurity, Computer Science, or related field, or 2+ years of equivalent experience.
- 2+ years of experience in penetration testing, application security testing, vulnerability validation, or offensive security.
- Ability to lead defined-scope penetration tests, manage execution, document results clearly, and escalate complex or high-risk issues.
- Experience identifying, validating, and exploiting weaknesses in 2 or more domains such as web apps, APIs, mobile apps, cloud infrastructure, enterprise apps, databases, networks, servers, IoT, identity platforms, directory services, or AI-enabled systems.
- Ability to automate tasks using scripting or programming languages such as Python, PowerShell, Bash, Go, C#, or JavaScript.
- Basic Linux command-line experience and familiarity with Windows environments.
- Ability to read and understand code to follow application behavior and identify security-relevant logic.
- Basic hands-on experience with major cloud providers such as GCP, AWS, or Azure.
- Adversarial mindset, with the ability to think from an attacker's perspective while following the rules of engagement and safety constraints.
- Clear written and verbal communication skills to explain technical findings.
Preferred Skills:
- Penetration testing or security certifications (e.g., OSCP, OSWE, GPEN, GXPN, GWAPT, PNPT, eJPT).
- Experience with CTFs, Bug Bounty programs, Vulnerability Disclosure Programs, coordinated research, or public technical write-ups.
- Experience using AI tools for reconnaissance, code review, vulnerability triage, payload development, reporting, or remediation.
- Exposure to testing AI-enabled applications, LLM-based systems, AI agents, RAG systems, model integrations.
- Experience with mobile, IoT, embedded systems, firmware, reverse engineering, or hardware security testing.
- Exposure to cloud and identity attack paths including SSO, MFA, OAuth, IAM, secrets exposure, conditional access, privilege escalation.
- Familiarity with tools such as Burp Suite, Nmap, Metasploit, Frida, Ghidra, IDA, BloodHound, or cloud security testing tools.
- Curiosity, humility, and desire to improve technical depth, reporting quality, and testing consistency.
Responsibilities
- Lead defined-scope penetration tests across websites, services, APIs, infrastructure, cloud environments, networks, IoT devices, mobile applications, and enterprise applications.
- Partner with Intake Management, senior testers, and stakeholders to confirm objectives, access, rules of engagement, test assumptions, and engagement readiness.
- Execute testing activities including reconnaissance, vulnerability discovery, exploitation, evidence collection, reporting, and remediation validation.
- Identify, validate, exploit, and document security vulnerabilities while operating within approved scope.
- Validate related vulnerabilities to demonstrate realistic impact and escalate complex attack chains as needed.
- Test for control gaps and document weaknesses in preventative or detective controls.
- Investigate and validate Vulnerability Disclosure Program and Bug Bounty findings, escalating complex or high-impact issues.
- Collaborate with engineering, product, cloud, infrastructure, and security teams to explain findings and support remediation.
- Use approved scripts, templates, automation, and AI-assisted workflows to improve efficiency, triage, reporting, and remediation validation.
- Assist with testing AI-enabled applications for risks such as prompt injection, data exposure, insecure tool use, and authorization flaws.
- Produce clear standardized reports with reproduction steps, evidence, impact, affected systems, and remediation guidance.
- Contribute to team knowledge sharing, documentation, test notes, templates, and process feedback.
Benefits
- P&G-sized projects and access to world-leading IT partners and technologies from Day 1.
- Wide range of self-development possibilities including training and certification paths.
- Competitive starting salary and benefits including private health care, P&G stock, saving plans, and sport cards.
- Regular salary increases and potential promotions based on performance.
- Opportunity to change role every few years to align with personal and company best interests.
- Hybrid work model, with the option to work remotely two days a week and in the office for collaboration.
Health care
Sports card
Other information
Employment is exclusively based on "Umowa o Pracę" (Full-time Employment Contract). Apply only if you agree to these conditions. P&G is an equal opportunity employer, providing reasonable accommodations for individuals with disabilities during the application process.
P&G
27 active job offers