Offensive Security Engineer - Breach & Attack Simulation

What will keep you super-motivated here?

• Opportunity to take responsibility from day one, develop your skills and satisfy your hunger for excellence in Offensive Security with the help of experienced security engineers from all disciplines of Cyber Security  
• Open communication and a unique company culture of flexibility and start-up spirit
• Enjoying agile practices to accelerate significant and complex challenges to shape the future of e-commerce while encouraging mistakes to grow and develop as a team continuously
• Creative, diverse, and focused teams committed to learning and problem-solving through collaboration
• Learn and develop through our extensive Trendyol training platform
• Connecting with your teammates socially regardless of physical distance via events, team gatherings, and social activities
• Strong focus on talent, not titles!
• Competitive employee benefits such as Trendyol shopping discount, centrally and internationally located offices and great tech equipment

Your Main Responsibilities

• Work with all Trendyol teams to cover security hardenings working closely with Trendyol Security Blue Team in order to improve security maturity & monitoring capabilities
• Assessment of functionality and capabilities of Security Devices, including firewalls, IDS and IPS, antivirus, EDR, web content filtering, Email Gateway Security, Data Prevention Protection, etc.
• Good understanding of network security, DDoS attack infrastructures, and ISP defense mechanism
• Physical & Wireless security assessments of Trendyol’s diverse locations
• Employ common testing frameworks in your projects, such as the MITRE ATT&CK framework
• Planning and executing red team engagements/activities, including scoping, objectives, and timeline
• Document and catalog your findings discovered during assessmentsResearch new and novel tactics, techniques, and procedures that may be used to gain inappropriate access to user data
• Build tooling to automate portions of the assessment
• Ensure that Trendyol Offensive Security’s Attack Simulation as a Service Program is up and running for all Security Devices that are employed in Trendyol
• Developing, extending, or modifying exploits, shell code, or exploit tools
• Communicate daily regarding project status with appropriate team members

Qualities We Are Looking For

• Minimum experience of 4+ years in related positions
• Know your way around on any kind of Operating System (*nix, MacOS, Win),
• Know your way around stateful network operations and have solid experience with network mapping tools such as Nmap
• Knowledge of Active Directory and Windows Security
• Good understanding of the most common C2 Frameworks
• Experience with cloud-based environments (GCP, AWS, ABC, etc.)
• Experience with container-based environmentsStays current with the latest threats and vulnerabilities
• Experience making contributions to the security or privacy community, such as public research, blogging, presentations, bug bounties, CVEs, etc. is a big plus
• Experience translating technical concepts into language that is understood by software engineers, technical, non-technical, and executive client stakeholders through written reports and verbal presentations
• Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques, and procedures used by cyber adversaries, specifically those targeting the e-commerce sector
• Being an Agile minded team player
• Ability to effectively plan, schedule and adapt to changing priorities, tasks, and requirements to meet deadlines
• Eagerness on self-improvement, open-minded, future-orientedHaving excellent communication skills
• Good command of written and spoken English
• Relevant certification(s) from Offensive Security, eLearnSecurity or SANS Institute is a big plus