Principal Offensive Cloud Security Engineer

Remote, USA

Applications have closed
Uptycs logo

Uptycs

Meet the first cloud-native security analytics platform for endpoint and cloud. With Uptycs, modern defenders can prioritize, investigate and respond to threats
Uptycs builds best-in-class cloud security products that leverage lightweight tools, built on open source software, to collect everything that can help detect, understand, and mitigate a wide variety of security problems. We run on laptops and cloud workloads, monitor Kubernetes and serverless containers, analyze AWS/GCP/Azure configuration and CloudTrail events, emulate threat actor behavior in cloud, containers, network, Windows, and Linux environments - you name it! We feed it into a cloud-based security analytics platform that provides comprehensive visibility, threat detection, posture management, remediation, vulnerability management and compliance tracking. We analyze petabytes of data, process millions of events per second, and run a control plane that enables continuous scanning for vulnerabilities, misconfigurations, and APT malware on all major cloud providers and hundreds of thousands of macOS, Linux, and Windows endpoints.
Uptycs enables security professionals at companies such as Comcast, Flexport and Lookout to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface.
We’re looking for a talented Principal Cloud Security Engineer who is well-versed in red team/offensive security. The right candidate will be knowledgeable, have hands-on offensive cloud security experience, passionate about cloud security threats, energetic, thrive in a fast-paced environment, and work well in an agile team atmosphere. As part of a fast growing engineering organization, you’ll be working alongside technical product managers and security engineers who have passion for building highly scalable software products. Your R&D offensive cloud security threat contributions will be critical to shaping our overall cloud security and compliance product strategy on Azure and GCP.

What You'll Do:

  • Perform full exploitation of multiple cloud environments
  • Research, validate, and document new & existing attack vectors targeting Azure and GCP platforms
  • Research and identify threats to previously identified cloud vulnerabilities 
  • Research, validate, and maintain relevant tools needed for red team operations
  • Stay up-to-date with attacker techniques and tools
  • Work closely with security engineering and technical product management to translate technical security requirements into business security requirements, and vice-versa
  • Collaborate with senior technical leaders across engineering, infrastructure and other organizations to solve complex problems and deliver end-to-end solutions
  • Have autonomy to move in many different directions

What We're Looking For:

  • 5+ years of experience in a cloud security red team role 
  • Solid understanding and experience with Azure and GCP, specifically with their security-related products and services and how to exploit them
  • Familiarity & hands-on experience with effectively using offensive tools and platforms such as ROADtools, PowerZure, Stormspotter, AzureHound, MicroBurst, ScoutSuite, Kali Linux
  • Ability to use these tools to scan, enumerate, exploit, and move laterally
  • Deep knowledge of tactics (privilege escalation; lateral movement; exfiltration, etc.) and techniques used by threat actors across cloud, containers, network, Windows, and Linux resources
  • Expertise performing threat modeling and design reviews to assess security implications for Azure and GCP
  • Lead technical viewpoints and make prudent technical risk decisions
  • Ability to influence business and technology direction
  • Strong operation security skills
  • Align teams and orgs towards simple, coherent security designs
  • Aptitude to quickly come up to speed on new technology concepts
  • A passion for resourceful and creative problem-solving
  • Strong interpersonal and communication skills; ability to work in a team environment
  • Naturally gravitate towards thinking like a threat actor would!
Uptycs is an Equal Opportunity Employer. All applicants will be considered for employment without attention to race, color, religion, sexual orientation, gender identity, national origin, veteran or disability status. Uptycs is a progressive and open-minded workplace where we do not tolerate discrimination or harassment in any form. If you are smart, passionate and good at what you do, come as you are.

* Salary range is an estimate based on our salary survey 💰

Tags: Agile Analytics APT AWS Azure Cloud Compliance Exploit GCP Kali Kubernetes Linux MacOS Malware Offensive Security Open Source R&D Red team Strategy Threat detection Vulnerabilities Vulnerability management Windows

Perks/benefits: Team events

Regions: Remote/Anywhere North America
Country: United States
Job stats:  21  1  0

Other jobs like this

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.