Sr. Security Engineer, Penetration Testing

• Execute penetration testing engagements against a variety of web applications/ services and software .
• Develop and execute attack strategies to simulate real-world attacks by threat actors.
• Ability to identifying and exploiting vulnerabilities in computer systems, networks,and applications to simulate attacks by threat actors.
• Analyze and report on the results of security assessments and make recommendations to improve the security posture of the organization.
• Advise management about noncompliance with defined standards in applications tested.
• Partner with developers to drive improvement in application security as a result of security assessment engagements .
• Provide clear communication on the issue to developers and verify the efficacy of the fix .
• Provide actionable remediation feedback for findings and/or long-term risk mitigation guidance .
• Provide guidance and recommendations to other teams to improve the security of products.
• Demonstrate deep understanding of computer networks, operating systems, databases, web applications, and mobile applications.
• Experience with Secure software development lifecycle, distributed systems and security protocols.
• Create custom tools and scripts to automate testing and make the process more efficient.
• Support and maintain tools used for penetration testing and security assessments .
• Develop other security engineers .
• Must be based in the WBDs office, minimum three days/week .

Qualifications & Experiences

• A Bachelor's degree in Computer Science , Cybersecurity, or other related fields, from an accredited university or an equivalent professional experience may suffice in lieu of a Bachelors degree.
• Minimum of 5 years of experience in penetration testing, code review, bug bounty hunting, or red teaming/capture the flag experience.
• Experience in scripting in Python or other languages to build automation tools
• Minimum of 5 years of professional experience with security engineering practices such as in web application security, network security, authN / authZ protocols, cryptography, automation, and other software security.
• Team player with strong communication skills

If you

• are excited to work in an international, fast-paced, multi-faceted media company.
• are comfortable ensuring timely escalation, responsiveness and follow through to meet deadlines.
• are knowledgeable of, and understand, the risk-based business impact approach to cybersecurity.
• are actively questioning and influencing actions needed to attain goals and targets.
• are comfortable driving initiatives forward without having direct control of staff.