Paranoids Penetration Tester

Oath Inc - Sunnyvale, CA

Oath, a subsidiary of Verizon, is a values-led company committed to building brands people love. We reach over one billion people around the world with a dynamic house of media and technology brands. A global leader in digital and mobile, Oath is shaping the future of media.
When you impact millions of people every day, you become a large target for adversaries in all layers of the stack. Our job is to keep our users safe and make Oath one of the safest places on the Internet.

We are the Information Security team at Oath. People call us "The Paranoids".

Responsibilities:
Our ideal candidate has a proven track record of high performance within the offensive security field. You enjoy diving into complex and unknown situations to simulate a sophisticated adversary, discovering 0day vulnerabilities, and creating scalable offensive security platforms such as fuzzing frameworks and stealthy remote access implants. You think like an adversary, always looking for ways to circumvent security systems and processes by any means necessary. You lead others on a path that illuminates the true state of security, and you constantly acquire new skill sets and share your knowledge with your peers.

Contribute to the development of a world class offensive security capability, strategy, and program

Help build nation state level offensive security capabilities that mimic those observed in the wild

Lead and take ownership of functional areas of Red Team operations, communications, and research

Manage the complexity of information sensitivity, ethical responsibility, and scale associated with simulating an adversarial force in a large environment

Contribute to the strategic vision to maximize the Red Team’s impact on the organization

Constantly challenge widely held beliefs to mitigate groupthink and confirmation bias

Participate in long-lived, yoloscoped Red Team operations using a combination of web, application, network, system, process, and human vulnerabilities

Meticulously document your work and maintain evidence of all Red Team activity during operations

Share your expert knowledge with your peers in security and the company at large

Work directly with engineers and product owners to drive secure by design paradigms

Distill complex security topics for a wide range of audiences ranging from engineers to executives

Make it rain 0day

Minimum Qualifications:
5+ years of direct pentest, exploit research, or red teaming experience

Ability to read/write C/C++ and one of (PHP, Java, Python, Ruby, Golang, Perl)

Experience with memory corruption vulnerabilities

Experience discovering and exploiting web application security flaws

Experience with fuzzing, reverse engineering, and exploit development

Experience with escalation, lateral movement, network pivoting techniques

Preferred Qualifications:
Direct experience operating on an internal Red Team in a large environment

Proven track record of 0day discovery

Experience exploiting and bypassing network technologies

Experience and understanding of operational security and stealth techniques

Experience building Red Team automation at scale

Knowledge of cryptographic flaws

Oath is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on, age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Oath is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. Please let us know if you need a reasonable accommodation to apply for a job or participate in the application process.

Currently work for Oath? Please apply on our internal career site.