Senior Offensive Security Engineer (IT)

CoStar Group - Washington, DC3.0

Full-timeEstimated: $100,000 - $130,000 a year

Job Description

CoStar Group:
CoStar Group, Inc. (NASDAQ — CSGP) ( is commercial real estate's leading provider of information and analytic services.

Founded in 1987, CoStar conducts expansive, ongoing research to produce and maintain the largest and most comprehensive database of commercial real estate information. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availabilities.

Headquartered in Washington, DC, CoStar maintains offices throughout the U.S. and in Europe with a staff of approximately 4,000 worldwide, including the industry's largest professional research organization.

Job Description: Senior Offensive Security Engineer

Overview & Responsibilities:
We are looking for a smart, creative and passionate Senior Security Engineer to help continue improving our information security posture at The CoStar Group. You will engage with development, DevOps, SecOps, Security and other teams of The CoStar Group helping drive and shape the way we manage the protection of our customers and our ever growing data environment.

We’re looking for someone who will take the lead in building out our offensive security capacity to test our internal and external facing processes and applications. This position will be tasked with developing test plans to validate identified vulnerabilities and demonstrate the exploitation of the vulnerabilities. The ability to explain the exploit to senior level management is key to success in this role. Additionally, staying current with trends, techniques and tools used by attackers are critical skills for this role. We will want this Engineer to mentor other security team members to increase the overall knowledge of the Security Team about Offensive Security and build new members of the Offensive Security Team. The successfully candidate will be a self-starter motivated to learn new technologies and tools and assist in moving offensive security forward as it is implemented within the CoStar Enterprise.

Qualifications & Requirements:
Bachelor’s Degree in Computer Science/Cyber Security (or related field)
Security certification such as OSCP, OSWP, GPEN or similar certification a plus
Minimum 6 years’ experience in Information Security
Scripting/programming skills (Perl, Python, PowerShell) and strong ethical hacking skills

Technical Skills/Experience:
Footprinting networks and systems
Using security tools like NMAP, DirBuster, Nikto, OWASP-ZAP, SQLMap, John The Ripper, WireShark, EtterCap, AirCrack, NetCat, Burp Suite, Samurai, Kali Linux, Empire, MetaSpoit, Cobalt Strike and similar tools
Expertise in Web Application testing is preferred
Windows Active Directory exploitation tools and techniques
Create penetration testing projects for CoStar’s stable of Web Applications and participate in remediation and validation efforts
Conduct threat hunting in the CoStar enterprise
Develop routine monthly and quarterly tests of the CoStar infrastructure to assist in maturing our security posture
Primary lead for new offensive security projects.

Business Skills/Experience:
Requires excellent oral and written communication skills to work effectively with others regardless of departmental or geographic boundaries
Requires the ability to produce detailed technical documentation
Requires proficiency with PC software applications, E-Mail, and job associated applications/systems to expediently process work
Requires experience developing and presenting recommendations using PowerPoint to peers and management
Requires good organization skills to produce quality work, within required specifications, and within scheduled timelines
The position requires individual initiative and ability to influence events, rather than passively accepting them, in order to achieve goals. This means being proactive and a self-starter and going beyond specific job responsibilities to ensure goals are achieved or exceeded
CoStar offers a competitive base salary and benefits which include:

Comprehensive medical, dental, prescription and vision benefits with a choice of two plans.
Company-paid life insurance for one time's your annual base salary to a maximum of $300,000 per year.
Company-paid long-term and short-term disability benefits.
Paid vacation, sick days and personal days.
401K with 100% match up to 4%

DC Office Benefits:
Work for an environmentally conscious company in an environmentally friendly building.
LEED Gold Certified
Available Segways and bikes for personal use with training provided… for free!
$100 / month in Metro SmartCard Benefits
Green roof
Electric vehicle charging stations onsite.
Underground parking
Complete fitness center with locker rooms onsite
Onsite Yoga
Beautiful roof top terrace with expansive views of the city; great for lunch and after work hangouts
Fresh fruit, juice, vegetables, and yogurts stocked daily
Full HD video conference system between any CoStar office

CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing