Staff II Offensive Security Engineer
Norwalk, CT, United States
Datto Inc.
IT professionals rely on Datto for mission-critical business continuity and disaster recovery, networking, business management, and file backup and sync solutions.
As the world’s leading provider of cloud-based software and technology solutions delivered by managed service providers (MSPs), Datto believes there is no limit to what small and medium businesses can achieve with the right technology. Datto offers Unified Continuity, Networking, and Business Management solutions and has created a one-of-a-kind ecosystem of MSP partners. These partners provide Datto solutions to over one million businesses across the globe. Since its founding in 2007, Datto continues to win awards each year for its rapid growth, product excellence, superior technical support, and for fostering an outstanding workplace. With headquarters in Norwalk, Connecticut, Datto has global offices in the United Kingdom, Netherlands, Denmark, Germany, Canada, Australia, China, and Singapore. Learn more at datto.com.
The Offensive Security Engineer identifies weaknesses within our systems, network and applications. You will have proficiency in penetration testing of operating systems and web applications. You’ll also look to perform vulnerability research across a wide range of services which can include source code auditing, web application hacking, reverse engineering and fuzzing.
A Look Inside the Job:
- Perform penetration tests on dozens of different products built with a wide variety of application stacks.
- Discover threats, vulnerabilities and exploits through architecture design review, threat modeling, code review, and penetration assessments.
- Offer remediation guidance to stakeholders for identified issues and serve as an escalation resource for engineering as they reduce issues.
- Identify unknown attack surface in our products/software.
- Utilize fuzzing tools/frameworks such as AFL++, libFuzzer and Jazzer to find complex bugs within software applications.
- Create scripts/tools for automated vulnerability discovery.
- Build process and technology to improve the reporting and prioritization of identified weaknesses.
- Perform threat actor simulation as part of Purple team exercises.
Required Skills:
- Proficient in different bug classes for web applications that span the OWASP Top 10
- You have several years of hands-on experience as a hacker, and have exercised your skills against both Linux and Windows environments.
- 2+ years of experience auditing source code in common object oriented programming languages.
- Strong working knowledge of 1 or more of the following programming languages: Python, PHP, C/C++, C#, Java, Golang (not a programming role, but must be able to read code)
- 2+ years of experience directly related to offensive/application security work
- Ability to work independently and be highly self-motivated
- Strong understanding of operating system concepts such as memory management
- Knowledge of core concepts related to Active Directory
Desired:
- Writer for a security blog or similar
- Teaching / public speaking experience
- Published CVEs
- OSCP (Offensive Security Certified Professional), OSEP (Offensive Security Experienced Penetration Tester), OSCE (Offensive Security Certified Expert)
At Datto, we believe our employees are our greatest asset and offer all full-time employees a wide-ranging benefits package, including:
- Comprehensive health-care benefits
- Flexible paid time off policy
- Generous paid parental leave
- “Datto University” virtual on-boarding program
- Access to more than 5,000 courses via LinkedIn Learning
- Education reimbursement
- Employee Assistance Program
- Headspace App
- Charity match program
- A dynamic and socially active work culture, including Employee Resource Groups
- Networking and career development opportunities
- And more!
Datto is an equal opportunity employer.