Jobs · Information Technology · California

Senior Offensive Security Engineer

Chime · San Francisco, CA · 4 wk ago
HybridInformation Technology$181k/yrFull-time

About the role

We are seeking a Senior Security Engineer to build and lead our Offensive Security program. In this role, you will attack Chime’s services, applications, and infrastructure to discover security issues and report them to our internal technology teams. This position will offer you the opportunity to grow your technical and leadership skills while being part of a collaborative and dynamic team that finds joy in problem-solving and innovating together at Chime.

Requirements

  • 4+ years of combined experience in either an offensive security, red teaming, or application security role.
  • Experience in conducting surreptitious cloud based attacks.
  • Experience with developing custom tools and payloads which bypass defensive products, and remain undetected in a mature network environment.
  • Ability to perform unsupervised red team engagements and experience with performing adversarial simulation.
  • Ability to explain vulnerabilities and weaknesses to non-technical stakeholders.
  • (Nice to have) Relevant certifications: OSCP, OSCE, OSEE, CRTO, GRTP

Qualifications

  • Passionate about analyzing codebases, testing hypotheses, and designing tools to impact web applications and their infrastructure.
  • Work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Chime.
  • Leverage the knowledge gained about Chime to find new ways to break services, processes, and infrastructure throughout the company.

Skills

  • Independently manage complete red team exercises.
  • Partner with Engineering, Product, IT, and other business functions to drive security improvement across the organization.
  • Research emerging attack vectors, vulnerabilities and techniques.
  • Utilize offensive skills to identify weaknesses and build defenses against those who may point their attacks at Chime.
  • Develop custom payloads and exploits.
  • Emulate adversaries like cybercriminals and insider threats by attacking web applications, cloud platforms and supporting services (Kubernetes / Container Orchestration platforms etc.).
  • Collaborate closely with detection engineers to build high fidelity alerting based on emerging attack vectors and tactics, techniques and procedures.
  • Participate in purple-team exercises to mature the security program.

Pay

The base salary offered for this role and level of experience will begin at $181,000 and up to $250,000. Full-time employees are also eligible for a bonus, competitive equity package, and benefits. The actual base salary offered may be higher, depending on your location, skills, qualifications, and experience.

Similar jobs