Oath, a subsidiary of Verizon, is a values-led company committed to building brands people love. We reach over one billion people around the world with a dynamic house of media and technology brands. A global leader in digital and mobile, Oath is shaping the future of media.
When you impact millions of people every day, you become a large target for adversaries in all layers of the stack. Our job is to keep our users safe and make Oath one of the safest places on the Internet.
We are the Information Security team at Oath. People call us " The Paranoids ".
Our ideal candidate has a proven track record of high performance within the offensive security field. You enjoy diving into complex and unknown situations to simulate a sophisticated adversary, discovering 0day vulnerabilities, creating scalable offensive security platforms such as fuzzing frameworks and stealthy remote access implants. You think like an adversary always looking for ways to circumvent security systems and processes by any means necessary. You lead others on a path that illuminates the true state of security and you constantly acquire new skill sets and share your knowledge with your peers.
Contribute to the development of a world class offensive security capability, strategy, and program
Help build nation state level offensive security capabilities that mimic those observed in the wild
Lead and take ownership of functional areas of Red Team operations, communications, and research
Manage the complexity of information sensitivity, ethical responsibility, and scale associated with simulating an adversarial force in a large environment
Contribute to the strategic vision to maximize the Red Team’s impact on the organization
Constantly challenge widely held beliefs to mitigate groupthink and confirmation bias
Participate in long lived, yoloscoped, Red Team operations using a combination of web, application, network, system, process, and human vulnerabilities
Meticulously document your work and maintain evidence of all Red Team activity during operations
Share your expert knowledge with your peers in security and the company at large
Work directly with engineers and product owners to drive secure by design paradigms
Distill complex security topics for a wide range of audiences ranging from engineers to executives
Make it rain 0day
Minimum Qualifications :
5+ years of direct pentest, exploit research, or red teaming experience
Ability to read/write C/C++ and one of (PHP, Java, Python, Ruby, Golang, Perl)
Experience with memory corruption vulnerabilities
Experience discovering and exploiting web application security flaws
Experience with fuzzing, reverse engineering, and exploit development
Experience with escalation, lateral movement, network pivoting techniques
Preferred Qualifications :
Direct experience operating on an internal Red Team in a large environment
Proven track record of 0day discovery.
Experience exploiting and bypassing network technologies.
Experience and understanding of operational security and stealth techniques
Experience building Red Team automation at scale
Knowledge of cryptographic flaws
Oath is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on, age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Oath is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. Please let us know if you need a reasonable accommodation to apply for a job or participate in the application process.
Currently work for Oath? Please apply on our internal career site.