Senior Penetration Tester, Red Team
Wayfair’s Security Engineering team is responsible for designing, building and testing security controls and policies to protect Wayfair’s systems, customers, suppliers and employees.
Who We Are
Wayfair's Red Team is responsible for testing the security controls at Wayfair, and keeping our Security Operations Center staff on their toes. Our team is looking to expand with an experienced Red Team Tech Lead / Penetration Testing Lead in our Boston office who will emulate malicious adversaries and identify weaknesses in our infrastructure and software. This person should have previous experience in offensive security, demonstrated skill in navigating discovery phases and the ability to explain Red Team initiatives to all audiences, including technical and non-technical stakeholders and business partners.
What You’ll Do
- Plan and execute red team attack scenarios to test our staff, systems, and controls.
- Lead Purple Team exercises in conjunction with the SOC.
- Develop and enhance red team capabilities through leadership, strategy, tool or methodology development.
- Analyze Wayfair Web and Mobile Applications to identify vulnerabilities and present results to Developers and Product Managers.
- Conduct network, application, and physical penetration tests.
- Perform advanced social engineering exercises to support other red team testing.
- Effectively communicate findings and risk to stakeholders and leadership.
- Assist with scoping and managing third-party assessments.
- Assist with mentoring and leading less experienced staff.
Who You Are
- 7+ years of Security Engineering/Architecture Experience
- 2+ years relevant offensive testing experience with a mix of both Applications and Infrastructure security
- Working knowledge of programming or scripting languages (Python, PowerShell, Golang, etc.)
- Must have excellent interpersonal and communication skills.
- Experience with common Penetration Testing/AppSec Tools such as Kali, Metasploit, Burp, etc.
- Have demonstrable knowledge and experience with MITRE’s ATT&CK framework and commonly used TTPs
- Certifications from Offensive Security and/or SANS, e.g. OSCP or GPEN, are a plus.
About Wayfair Inc.
Wayfair is one of the world’s largest online destinations for the home. Whether you work in our global headquarters in Boston or Berlin, or in our warehouses or offices throughout the world, we’re reinventing the way people shop for their homes. Through our commitment to industry-leading technology and creative problem-solving, we are confident that Wayfair will be home to the most rewarding work of your career. If you’re looking for rapid growth, constant learning, and dynamic challenges, then you’ll find that amazing career opportunities are knocking.
No matter who you are, Wayfair is a place you can call home. We’re a community of innovators, risk-takers, and trailblazers who celebrate our differences, and know that our unique perspectives make us stronger, smarter, and well-positioned for success. We value and rely on the collective voices of our employees, customers, community, and suppliers to help guide us as we build a better Wayfair – and world – for all. Every voice, every perspective matters. That’s why we’re proud to be an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, or genetic information.