Red Team / Offensive Security - Staff Application Security Engineer
Remote US
Gong.io
Gong captures customer interactions then delivers insights at scale, empowering teams to make decisions based on data instead of opinions. We are seeking an experienced Red Team Application Security Engineer to help grow our application program. If you're excited to join a fast-growing team and have a direct impact on a platform used by some of the biggest names in tech, we want to meet you! In this position, you will support the efforts to ensure that the ML/AI-based dreams that our customers love stay secure in reality, as we have done before, and continue to foster new innovation with our research team to dream even bigger.
Gong is uniquely positioned to gain value from true ML/AI-based capabilities to drastically improve our value to our customers, and create a real differentiated advantage over the competition. We don’t mix the AI/ML powder and hope for the best. We do it for real.
Your day to day will be:
- Lead Red Team operations and development within ethical hacking methodologies from kickoff to remediation, mentoring less experienced staff.
- Conduct red team assessments against cloud environments and the enterprise threat landscape to identify vulnerabilities in software, systems, networks, and logic.
- Research and verify known attacks, exploits, and security weaknesses using researched and/or developed custom tools.
- Develop accurate, comprehensive reports and presentations for both technical and executive audiences that assist all other security team colleagues.
- Lead and drive Red Team internal development of scripts, tools, or methodologies to enhance Gong’s red teaming and offensive security operations and development.
- Work with the R&D engineering and DevOps teams to ensure we have a comprehensive secure software development life cycle program.
- Manage code scanning tools
- On occasion, assist with purple team exercises, penetration tests and security assessments from kickoff to remediation, mentoring less experienced staff.
- Assist the developers and architecture teams with threat models.
- Help create engaging secure code awareness training
- Understand what features the team should prioritize from a product security perspective.
- Effectively communicate findings to stakeholders, including technical staff, executive leadership and legal counsel.
QUALIFICATIONS
- 7+ years of application security experience
- Threat modeling in a cloud environment
- In-depth knowledge of Secure SDLC
- AWS Experience - a must
- Familiarity with attack frameworks and mitigation
- Experience with DAST and SAST
- Experience with application security testing tools such as Burp Suite, Tenable, sqlmap, Nmap or Metasploit.
- Understanding and identification of the OWASP Top 10 vulnerabilities
- Security certifications such as GWAPT, Offensive Security, C|EH, CISSP, CISM or GIAC preferred
Perks/benefits: Career development