Staff Security Engineer, Red Team
Remote, United States
Wayfair’s Security Engineering team is responsible for designing, building and testing security controls and policies to protect Wayfair’s systems, customers, suppliers and employees.
Who We Are
Wayfair's Red Team is responsible for testing the security controls at Wayfair, and keeping our Security Operations Center staff on their toes. Our team is looking to expand with an experienced Red Team Tech Lead / Penetration Testing Lead in our Boston office who will emulate malicious adversaries and identify weaknesses in our infrastructure and software. This person should have previous experience in offensive security, demonstrated skill in navigating discovery phases and the ability to explain Red Team initiatives to all audiences, including technical and non-technical stakeholders and business partners.
What You’ll Do
- Plan and execute red team attack scenarios to test our staff, systems, and controls.
- Lead Purple Team exercises in conjunction with the SOC.
- Develop and enhance red team capabilities through leadership, strategy, tool or methodology development.
- Analyze Wayfair Web and Mobile Applications to identify vulnerabilities and present results to Developers and Product Managers.
- Conduct network, application, and physical penetration tests.
- Perform advanced social engineering exercises to support other red team testing.
- Effectively communicate findings and risk to stakeholders and leadership
- Assist with scoping and managing third party assessments.
- Assist with mentoring and leading less experienced staff.
Who You Are
- 7+ years of Security Engineering/Architecture Experience
- 2+ years relevant offensive testing experience with a mix of both Applications and Infrastructure security
- Working knowledge of programming or scripting languages (Python, PowerShell, Golang, etc)
- Must have excellent interpersonal and communication skills.
- Experience with common Penetration Testing/AppSec Tools such as Kali, Metasploit, Burp, etc
- Have demonstrable knowledge and experience with MITRE’s ATT&CK framework and commonly used TTPs
- Certifications from Offensive Security and/or SANS, e.g. OSCP or GPEN, are a plus.
About Wayfair Inc.
Wayfair is one of the world’s largest online destinations for the home. Whether you work in our global headquarters in Boston or Berlin, or in our warehouses or offices throughout the world, we’re reinventing the way people shop for their homes. Through our commitment to industry-leading technology and creative problem-solving, we are confident that Wayfair will be home to the most rewarding work of your career. If you’re looking for rapid growth, constant learning, and dynamic challenges, then you’ll find that amazing career opportunities are knocking.
No matter who you are, Wayfair is a place you can call home. We’re a community of innovators, risk-takers, and trailblazers who celebrate our differences, and know that our unique perspectives make us stronger, smarter, and well-positioned for success. We value and rely on the collective voices of our employees, customers, community, and suppliers to help guide us as we build a better Wayfair – and world – for all. Every voice, every perspective matters. That’s why we’re proud to be an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, or genetic information.
Explore more Information Security career opportunities
- Open SOC Analyst Jobs
- Open Principal Security Engineer Jobs
- Open Threat Intelligence Response Analyst Jobs
- Open Vulnerability Analyst Jobs
- Open Information Security Architect Jobs
- Open Senior Penetration Tester Jobs
- Open IT Security Engineer Jobs
- Open Senior Infrastructure Security Engineer Jobs
- Open Software Security Engineer Jobs
- Open IAM Engineer Jobs
- Open Senior Information Security Engineer Jobs
- Open Personnel Security Officer Jobs
- Open Sr. Product Security Engineer Jobs
- Open Infrastructure Security Engineer Jobs
- Open Senior Incident Response Analyst Jobs
- Open Chief Information Security Officer Jobs
- Open Cybersecurity Analyst Jobs
- Open Staff Security Engineer Jobs
- Open Senior Information Security Analyst Jobs
- Open Information Security Officer Jobs
- Open Sr. Software Engineer - Detection Engineering Jobs
- Open Cyber Security Architect Jobs
- Open Staff Engineer, Cloud Security Jobs
- Open Cybersecurity Engineer Jobs
- Open Threat Intelligence Analyst Jobs
- Open Kubernetes-related jobs
- Open Clearance-related jobs
- Open PCI-related jobs
- Open Open Source-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Machine Learning-related jobs
- Open IDS-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open Intrusion detection-related jobs
- Open OSCP-related jobs
- Open Security assessments-related jobs
- Open Encryption-related jobs
- Open Docker-related jobs
- Open Threat detection-related jobs
- Open IPS-related jobs
- Open TCP/IP-related jobs
- Open HIPAA-related jobs
- Open Cryptography-related jobs
- Open Unix-related jobs
- Open DevSecOps-related jobs
- Open GDPR-related jobs
- Open PowerShell-related jobs