Offensive Security Engineer - Breach & Attack Simulation
Turkey
Trendyol
Mode online shoppen bei Trendyol. Immer die neuesten Trends für jeden Anlass & kostenlose Retouren.What will keep you super-motivated here?
- Opportunity to take responsibility from day one, develop your skills and satisfy your hunger for excellence in Offensive Security with the help of experienced security engineers from all disciplines of Cyber Security
- Open communication and a unique company culture of flexibility and start-up spirit
- Enjoying agile practices to accelerate significant and complex challenges to shape the future of e-commerce while encouraging mistakes to grow and develop as a team continuously
- Creative, diverse, and focused teams committed to learning and problem-solving through collaboration
- Learn and develop through our extensive Trendyol training platform
- Connecting with your teammates socially regardless of physical distance via events, team gatherings, and social activities
- Strong focus on talent, not titles!
- Competitive employee benefits such as Trendyol shopping discount, centrally and internationally located offices and great tech equipment
Your Main Responsibilities
- Work with all Trendyol teams to cover security hardenings working closely with Trendyol Security Blue Team in order to improve security maturity & monitoring capabilities
- Assessment of functionality and capabilities of Security Devices, including firewalls, IDS and IPS, antivirus, EDR, web content filtering, Email Gateway Security, Data Prevention Protection, etc.
- Good understanding of network security, DDoS attack infrastructures, and ISP defense mechanism
- Physical & Wireless security assessments of Trendyol’s diverse locations
- Employ common testing frameworks in your projects, such as the MITRE ATT&CK framework
- Planning and executing red team engagements/activities, including scoping, objectives, and timeline
- Document and catalog your findings discovered during assessmentsResearch new and novel tactics, techniques, and procedures that may be used to gain inappropriate access to user data
- Build tooling to automate portions of the assessment
- Ensure that Trendyol Offensive Security’s Attack Simulation as a Service Program is up and running for all Security Devices that are employed in Trendyol
- Developing, extending, or modifying exploits, shell code, or exploit tools
- Communicate daily regarding project status with appropriate team members
Qualities We Are Looking For
- Minimum experience of 4+ years in related positions
- Know your way around on any kind of Operating System (*nix, MacOS, Win),
- Know your way around stateful network operations and have solid experience with network mapping tools such as Nmap
- Knowledge of Active Directory and Windows Security
- Good understanding of the most common C2 Frameworks
- Experience with cloud-based environments (GCP, AWS, ABC, etc.)
- Experience with container-based environmentsStays current with the latest threats and vulnerabilities
- Experience making contributions to the security or privacy community, such as public research, blogging, presentations, bug bounties, CVEs, etc. is a big plus
- Experience translating technical concepts into language that is understood by software engineers, technical, non-technical, and executive client stakeholders through written reports and verbal presentations
- Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques, and procedures used by cyber adversaries, specifically those targeting the e-commerce sector
- Being an Agile minded team player
- Ability to effectively plan, schedule and adapt to changing priorities, tasks, and requirements to meet deadlines
- Eagerness on self-improvement, open-minded, future-orientedHaving excellent communication skills
- Good command of written and spoken English
- Relevant certification(s) from Offensive Security, eLearnSecurity or SANS Institute is a big plus
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Active Directory Agile Antivirus AWS Blue team Cloud DDoS E-commerce EDR Exploit Exploits Firewalls GCP IDS IPS MacOS MITRE ATT&CK Monitoring Network security Nmap Offensive security Privacy R&D Red team SANS Security assessment Vulnerabilities Windows
Perks/benefits: Career development Startup environment Team events
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Information Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs
- Open CEH-related jobs