Principal Offensive Cloud Security Engineer
Remote, USA
Uptycs
Uptycs protects workloads wherever they run and gives you security visibility from dev to runtime. Reduce risk, vulns & misconfigurations from a single UI.Uptycs enables security professionals at companies such as Comcast, Flexport and Lookout to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface.
We’re looking for a talented Principal Cloud Security Engineer who is well-versed in red team/offensive security. The right candidate will be knowledgeable, have hands-on offensive cloud security experience, passionate about cloud security threats, energetic, thrive in a fast-paced environment, and work well in an agile team atmosphere. As part of a fast growing engineering organization, you’ll be working alongside technical product managers and security engineers who have passion for building highly scalable software products. Your R&D offensive cloud security threat contributions will be critical to shaping our overall cloud security and compliance product strategy on Azure and GCP.
What You'll Do:
- Perform full exploitation of multiple cloud environments
- Research, validate, and document new & existing attack vectors targeting Azure and GCP platforms
- Research and identify threats to previously identified cloud vulnerabilities
- Research, validate, and maintain relevant tools needed for red team operations
- Stay up-to-date with attacker techniques and tools
- Work closely with security engineering and technical product management to translate technical security requirements into business security requirements, and vice-versa
- Collaborate with senior technical leaders across engineering, infrastructure and other organizations to solve complex problems and deliver end-to-end solutions
- Have autonomy to move in many different directions
What We're Looking For:
- 5+ years of experience in a cloud security red team role
- Solid understanding and experience with Azure and GCP, specifically with their security-related products and services and how to exploit them
- Familiarity & hands-on experience with effectively using offensive tools and platforms such as ROADtools, PowerZure, Stormspotter, AzureHound, MicroBurst, ScoutSuite, Kali Linux
- Ability to use these tools to scan, enumerate, exploit, and move laterally
- Deep knowledge of tactics (privilege escalation; lateral movement; exfiltration, etc.) and techniques used by threat actors across cloud, containers, network, Windows, and Linux resources
- Expertise performing threat modeling and design reviews to assess security implications for Azure and GCP
- Lead technical viewpoints and make prudent technical risk decisions
- Ability to influence business and technology direction
- Strong operation security skills
- Align teams and orgs towards simple, coherent security designs
- Aptitude to quickly come up to speed on new technology concepts
- A passion for resourceful and creative problem-solving
- Strong interpersonal and communication skills; ability to work in a team environment
- Naturally gravitate towards thinking like a threat actor would!
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Analytics APT AWS Azure Cloud Compliance Exploit GCP Kali Kubernetes Linux MacOS Malware Offensive security Open Source R&D Red team Strategy Threat detection Vulnerabilities Vulnerability management Windows
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs