Senior Penetration Testing Engineer
Location: Scottsdale, Arizona; Czechia; Romania; California; Iowa; New York, New York
GoDaddy powers the world's largest cloud platform dedicated to small, independent ventures. With 20 million customers worldwide, GoDaddy is the place people come to name their idea, build a professional website, attract customers and manage their work. Our mission is to empower entrepreneurs everywhere, making opportunity more inclusive for all. To learn more about the company visit www.GoDaddy.com.
We’ve adapted our hiring process in response to COVID-19. To learn more about what GoDaddy is doing differently click here.
You understand the importance of Security and you know how things should be done from the beginning. You care deeply about protecting major sites from hackers and bad actors, but you often have to follow a set of standards someone else established. GoDaddy is looking for the right person who can build out the template on how Pen Testing is done to shield our 19 Million clients in a role that will evolve into a leadership position.
We are focused on attracting a highly talented and enthusiastic Pen Tester. You will be a key member of the GoDaddy security team, working with business units across the company to protect our environment and making sure we meet the compliance requirements of the PCI Data Security Standard, PKI, as well as security assessment of GoDaddy assets. You and the team will focus on conducting penetration testing and other audit tasks. The ideal candidate for the role is a senior penetration tester with experience in PCI, PKI, cloud platform, various web applications and API testing.
The Senior Penetration Tester should have a combination of experience and certifications. Experience should be identified by previous job duties, published work, work experience, projects or public presentations. The requirements for this position are:
- Detailed understanding of networking and common TCP/IP protocols
- Proven understanding of Payment Card Industry knowledge and pen testing concepts
- Proficient programming capabilities
- 4 years of experience in vulnerability discovery / security engineering / application security
- At least 3 years of recent experience with a focus on Penetration Testing
- Demonstrated history of Penetration testing
- Experience working in a large cloud or Internet software company preferred
- Knowledge of web application design & implementation concepts to include supporting systems
- Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
- Excellent interpersonal skills
- Ability to scope and perform segmentation testing, as defined in the PCI-DSS, in order to validate our scope reduction
- Ability to succeed through collaboration and working through internal and external organizations and individuals
- Ability to test API and AWS based products.
- Detailed knowledge of common vulnerabilities, exploits, and attacks used during a penetration test
- Ability to manage and run penetration testing engagement on your own
- Expert knowledge, skills, and abilities in the use of common vulnerability assessment and penetration testing tools such as Metasploit, Nessus, Nmap, Burp Suite, PowerSploit, Empire, Qualys and Impacket. These are examples and are not a requirements list.
- Basic familiarity with Incident response framework, EDRs, SIEM and Security devices
- Prior DevOps or continuous delivery and deployment experience preferred
- OSCP, OSCE, CREST, GPEN, GWAPT, GXPN, and other industry certifications are a plus
- Strong application/product/software security background
- Threat modeling, adversary emulation, or long duration Red Team exercises
Other related skills
- Verbal and written communication skills
- Interpersonal and conflict resolution skills
- Customer centric focus
- Creative problem solving and analytical thinking
- Willing to accept new challenges and learn in new areas
- Flexible and responsive to changing situations; adaptable to changing requirements
- Able to write and produce full Pen Testing and security assessment reports
- Technical writing skills are an essential part of detailing issues
- We are looking for people who have the spark of leadership within them because we are BIG believers in promoting from within
- Have experience crafting a Penetration Testing Program
- Have desire to create a Pen Testing Program
Technologies You Should Know
Metasploit, Kali Linux, Burp Suite, ZAP, Tanium, AppSpider, OpenVAS, Nessus, Qualys, Nmap, Jira, AWS or equivalent
GoDaddy is proud to be an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of age, race, color, creed, religion, sex, sexual orientation, gender, gender identity or expression, medical condition, national origin, ancestry, citizenship, marital status or civil partnership/union status, physical or mental disability, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state or local law. GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements.
If you need assistance completing an application for a position with us, please reach out to our Recruiting Team at firstname.lastname@example.org
Please note that GODADDY does not accept unsolicited resumes from recruiters or employment agencies.
To submit your application to this position, please click Apply. On the next screen, after you click Apply, click Create to establish your candidate account. If you have previously created a candidate account, please click Sign-In and use that account to complete your application.