Senior Penetration Testing Engineer

United States


Posted 2 weeks ago

GoDaddy powers the world's largest cloud platform dedicated to small, independent ventures. Our mission is to empower entrepreneurs everywhere, making opportunity more inclusive for all. We're a trusted growth partner to over 19 million everyday entrepreneurs worldwide. We're empowering them to change the world if it doesn't quite fit them. To make their idea real. To grow it online. We help them do what they've been dreaming of and make the world they want. To learn more about us visit



Tempe, AZ or Scottsdale, AZ or Santa Clara, CA or Remote


What you'll get to do...

Your experience should include...

  • Creating and crafting a penetration testing program
  • Detailed understanding of networking and common TCP/IP protocols
  • Proven knowledge of the Payment Card Industry and pen testing concepts
  • 4 years of experience in vulnerability discovery / security engineering / application security
  • Demonstrated history of penetration testing
  • Experience working in a large cloud or Internet software company preferred
  • Knowledge of web application design & implementation concepts to include supporting systems
  • Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
  • Excellent interpersonal skills
  • Ability to scope and perform segmentation testing, as defined in the PCI-DSS, in order to validate our scope reduction
  • Ability to succeed through collaboration and working through internal and external organizations and individuals
  • Ability to test API and AWS based products
  • Detailed knowledge of common vulnerabilities, exploits, and attacks used during a penetration test
  • Ability to manage and run penetration testing engagements on your own
  • Expert knowledge, skills, and abilities in the use of common vulnerability assessment and penetration testing tools such as Metasploit, Nessus, Nmap, Burp Suite, PowerSploit, Empire, Qualys and Impacket. These are examples and are not a requirements list.
  • Basic familiarity with incident response frameworks, EDRs, SIEM and security devices
  • Prior DevOps or continuous delivery and deployment experience preferred
  • OSCP, OSCE, CREST, GPEN, GWAPT, GXPN, and other industry certifications are a plus
  • Strong application/product/software security background
  • Threat modeling, adversary emulation, or long duration Red Team exercises

You might also have...

 Experience in the following: 

Metasploit, Kali Linux, Burp Suite, ZAP, Tanium, AppSpider, OpenVAS, Nessus, Qualys, Nmap, Jira, AWS or equivalent

We've got your back...

 Enjoy our many benefits (My Wallet), including paid time off, 401k, equity grants and parental leave. Join one of our employee resource groups (Culture). Continue to have a side hustle, if you have one (we love entrepreneurs, remember?). Most importantly, come as you are and make your own way.


GoDaddy is proud to be an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of age, race, color, ethnicity, national origin, citizenship, religion, creed, sex, sexual orientation, gender, gender identity or expression (including against any individual that is transitioning, has transitioned, or is perceived to be transitioning), marital status or civil partnership/union status, physical or mental disability, medical condition, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state or local law. GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements.


If you need help completing an application for a position with GoDaddy, please reach out to our Recruiting Team at


GoDaddy doesn’t accept unsolicited resumes from recruiters or employment agencies.
