Lead Red Team Engineer

Ready to make an impact? Arctic Wolf is looking for an Information Security Engineer - Penetration Tester to join our pack.

Arctic Wolf, with its unicorn valuation, is the leader in security operations in an exciting and fast-growing industry—cybersecurity.

How fast are we growing? Well, Arctic Wolf was highly ranked in the Deloitte Fast Technology 500 for NorthAmerica in both 2019 (#25) and 2020 (#104)! We have doubled headcount, customers, and revenue for five years running. We are also cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow our teams globally.

In fact, we were named a 2021 Top Workplace USA (Energage) as the top technology firm to work in our size category, were recognized as one of the 2020 Best Places to Work (bizjournals.com), and most recently were certified as a 2021 Great Place to Work (Great Places to Work Institute, Canada). Arctic Wolf believes in corporate responsibility, and our worldwide offices proudly participate in volunteer programs throughout their communities. We’ve also earned distinction from TravelWise for our efforts in promoting sustainable transportation.

Position Overview and Objective

The Information Security Engineer – Penetration Tester role is responsible for the execution of security assessments against Arctic Wolf systems. This role will collaborate with different business units to ensure technical security capabilities. 

Primary Responsibilities and Duties

• Responsible for conducting manual penetration testing engagements, creating/maintaining automated penetration testing solutions, documenting penetration testing methodologies. 
• Automate redundant tasks for assessment and related activities in order to optimize our team’s efficiency and reach 
• Assist development teams with development and implementation of processes and techniques for detection and prevention of security defects within the software development lifecycle 
• Penetration testing & vulnerability research resulting in high quality penetration testing reports that include recommendations for threat mitigations 
• Security metrics delivery and improvements 

Key Skills

Communication, Threat modeling, Code Review, Penetration Testing, Application Testing, Research.

Key Competencies

• Is able to write clearly and succinctly in a variety of communication settings and styles; can get messages across that have the desired effect. 
• Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.  
• Comes up with a lot of new and unique ideas; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings. 

Minimum Qualifications

• A Bachelor’s Degree in Computer Science, Information Systems, Engineering, cybersecurity or related technical field; or equivalent experience. 
• At least three years performing manual web application penetration testing as a primary job responsibility, including the use of professional penetration testing tools (e.g., Burp Suite) 
• Understanding of common software security issues and remediation techniques (OWASP Top 10, SANS 25, Mitre ATT&CK, etc.) 
• Experience with modern application development languages and frameworks (e.g., Python, Golang, JavaScript, Java) 
• Familiarity with Web application proxies (MiTM proxy, ZAP, Burp) and other penetration testing tools 
• Familiarity with various TCP/IP networking (proxies, firewalls, etc.), API’s (REST, SOAP, JSON, etc) and ability to craft custom HTTP requests 

Preferred Qualifications

• Familiarity with the OWASP Testing Guide 
• Comfortable documenting vulnerabilities, as well as the steps necessary to reproduce and remediate documented vulnerabilities 
• Industry Certifications – (OSCP, OSWE, GPEN, GWAPT, CEH, etc) 
• Experience working in a regulated environments (SOX, ISO 27001, etc) 
• Good familiarity with cloud infrastructures, with Amazon Web Services (AWS) and/or Azure considered a strong plus.

Travel Requirements

Typically 10% or less of business travel

Security Requirements:

• Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information.
• Background checks are required for this position

About us:

At Arctic Wolf, we recognize that success comes from delighting our customers. We believe in being lean – in constantly building, measuring, and learning in all aspects of our business. We truly value people. All wolves are welcome to join the Arctic Wolf pack, with compelling compensation packages, benefits, and equity for employees.

Arctic Wolf is focused on building a workforce that is diverse and inclusive. If you’re excited about this role, but do not meet all of the qualifications listed above, we encourage you to apply. We review all applications.  

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law.

Arctic Wolf is committed to fostering a welcoming, accessible, respectful and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our recruitment, assessment and selection processes as accessible as possible and provide accommodations as required for applicants with disabilities. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com.