Today, there's more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve.
We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security.
Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, San Francisco, Seattle, Bangalore, London, Melbourne, and Tokyo.
Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork.
From catered lunches and office celebrations to employee recognition events (pre and hopefully post-Covid) and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive.
Visit us at Netskope Careers and follow us on Twitter Netskope and Facebook.
About the position :
You will be a core member of Netskope Global Information Security Application Security Assurance Team perform Offensive Security and Vulnerability Assessments for Netskope Products, Infrastructure, and Business Applications.
This role is dynamic and will be challenged with various technologies and assessment methodologies and in some cases are bleeding edge and require research and development.
The team is global and requires experience working with software and infrastructure engineering functions. The function operates in a self-managed, fast paced, agile environment.
If you enjoy finding and remediating security flaws, or think you are a great hacker, red teamer, or offensive security tester of software applications this role is for you.
Responsibilities include :
Proven expertise & track record in Web and Mobile application Penetration testing (Web, Mobile, API / Webservices) - DAST and SAST
Should have experience with tools Burp suite professional, Metasploit, Tenable, SQL Map and Nmap
In-depth knowledge of OWASP Web and Mobile Top 10 vulnerabilities and identifying them.
Good knowledge of TCP / IP and other application and network level protocols.
Conduct and lead vulnerability assessment and penetration testing and configuration review for web applications, mobile applications and thick clients.
Able to teach CVSS, CVE, and additional vulnerability ratings and methodologies
Ability to red team or perform offensive tests against scaled Internet and Private Cloud infrastructure
Be able to author and issue reports on assigned Application and system scan.
Support Jr. resources in their authoring of reports and issues.
Support and recreate proofs of concept from security reports.
Support and be a member of the PSIRT organization.
Good exposure to Cloud Applications like AWS, Azure and other SAAS Applications
Experience in Automating Security tasks using Python or Java Frameworks.
Understanding of containerization and containerized applications, their security weaknesses and how to secure them.
Ability to develop hardening guidelines for new technologies and applications being adopted by Netskope.
Be able to maintain and contribute to the threat models of the solution(s) and features
Be able to develop abuse cases aligned with the threat model to support engineering in secure development and testing.
Lead sessions to teach secure development and testing methods to engineering resources.
Be able to support the development of tooling for CI / CD / CS processes enabling other teams to test their own systems and work output.
Job Requirements :
Should be able to think ""Out of the box"". Possess ability to think and implement new attack approaches / vectors.
Should possess relevant university degree and / or professional qualifications / certification (e.g. OSCP, LPT, GPEN)
Excellent written and verbal communication skills.
Self-motivated, curious, knowledgeable pertaining to news and current events.
Experience 7+ Yrs in Security
Ability to pass exploitation / security skills challenge