Senior Security Engineer (Pen Tester)

📋 Description

• • Menlo Security is at the forefront of enabling secure global connectivity, communication, and collaboration, a mission that has become increasingly critical in today's evolving digital landscape. As we scale from 400 employees to the next phase of our growth, we are seeking a highly motivated and ethically driven Senior Security Engineer with a specialization in Penetration Testing to join our dynamic team. This role is pivotal in ensuring the robust security of our cutting-edge product offerings and the complex cloud infrastructure that supports them.
• • In this capacity, you will operate within a sophisticated multi-cloud environment, encompassing both Amazon Web Services (AWS) and Google Cloud Platform (GCP). Your expertise will be applied across a diverse infrastructure that includes traditional virtual machines (VMs) and modern container-based architectures, both managed and unmanaged. You will be an integral part of a dedicated security team, collaborating closely with fellow penetration testers and cloud security engineers.
• • Your primary focus will be on executing targeted, in-depth penetration tests during critical phases of the product development lifecycle, specifically in the lead-up to releases. To excel in this role, you must maintain close synchronization with our product roadmap, developing a profound technical understanding of new features as they emerge. This mastery will empower you to independently configure testing environments and conduct thorough assessments within demanding timelines, ensuring that our products meet the highest security standards before deployment.
• • The scope of your responsibilities extends beyond application-level security to encompass the critical Control Plane. You will conduct rigorous infrastructure reviews, meticulously examining cloud configurations, Identity and Access Management (IAM) policies, and orchestration layers to verify their adherence to our stringent security baselines. Your operational approach is characterized by speed and precision; you are expected to swiftly identify, validate, and report vulnerabilities to maintain the velocity of our product releases without compromising security.
• • Furthermore, you will serve as a key component of our external defense strategy. This involves actively monitoring our bug bounty programs and external vulnerability reporting channels. You will triage incoming findings, validate their authenticity, and respond to external researchers with professionalism and technical accuracy, fostering positive relationships within the security community.
• • A significant aspect of this role involves leveraging Artificial Intelligence (AI) and Large Language Models (LLMs) to enhance security assessments. You will actively utilize these advanced tools for automated reconnaissance, the generation of novel attack vectors, in-depth analysis of cloud configurations, and the drafting of comprehensive vulnerability reports. Fluency in prompt engineering, specifically tailored for security contexts, is essential for maximizing the effectiveness of these AI-powered tools.
• • Key responsibilities include: conducting collaborative, deep-dive penetration tests of our products across AWS and GCP environments; meticulously reviewing IAM policies, service configurations, and cloud-native permission structures within the Control Plane; executing dynamic testing against web interfaces and API endpoints within the Data Plane and Web UI; assessing the security posture of our hybrid infrastructure comprising containers and VMs; triaging findings and producing clear, reproducible proofs-of-concept (PoCs) while effectively communicating risks to product teams; actively employing AI/LLM tools to automate reconnaissance, generate attack vectors, and analyze configurations; and managing bug bounty pipelines by monitoring reports, validating findings, and communicating with researchers.
• • This role demands a proactive and analytical mindset, with a strong emphasis on collaboration and continuous learning. You will be instrumental in identifying and mitigating potential security risks, thereby safeguarding Menlo Security's reputation and its customers' data. Your contributions will directly impact the security and integrity of our globally recognized cybersecurity solutions.