Be aware of scams on social media involving phony job postings. Learn more


Staff Offensive Security Researcher

Location: San Diego, CA, USA

Notice

This position is no longer open.

Requisition Number: 200246

External Description:

Staff Offensive Security Researcher

Our Team

The offensive security group is the research and assurance arm of the Product Security Team. While the larger team provides security guidance to the product development teams, our group is tasked with ensuring that guidance is carried out and executed effectively. Through a variety of security assessments, we endeavor to provide valuable assistance to Teradata in understanding what threats exist and what their realistic impact to our products and services can be. We encourage research projects and conference presentations to show Teradata is an industry leader in security. From in depth code analysis and exploit development to wide scope full scale adversary simulation, the offensive security group will be pushing boundaries to provide a safer and more secure environment for Teradata’s customers and employees alike.

  

Your Opportunity

As a Staff Offensive Security Researcher, you will be a key contributor to all aspects of the Teradata offensive security program.  Every day is different as we strive to identify security risks, automate repeatable tasks and processes, and support our product teams as they build secure, next-generation analytics toolsets.  A participant in architecture and design meetings, your alternative perspective will ensure robust and hardened products.  You will design and execute a variety of security assessments, including penetration test, vulnerability assessments, and red team operations to explore and demonstrate potential threats and highlight risk. As part of a small and diverse team of experts in their field you will be learning and growing on a daily basis. You will provide valuable insight to senior members of teams across Teradata, helping them to develop a security first mindset.

Responsibilities

  • Lead threat model reviews and provide alternative perspective on potential security concerns
  • Conduct wide range of internal security assessments using architecture and threat model documents to identify and exploit product security flaws before public release
  • Act as liaison between external penetration testing firms and internal product teams to ensure low friction, high value external engagements
  • Assist product teams in remediation efforts by clarifying finding details and identifying best practice fixes or mitigations
  • Participate in working groups to evaluate and refine secure development lifecycle strategies and procedures
  • Evaluate existing automated security scanning tools, or develop when practical, to identify vulnerabilities in continuous test environment to eliminate potential of repeat findings over multiple tests
  • Contribute to and support effort to build intellectual property via patents
  • Design and present developer security education
  • Conduct security assessments such as penetration tests, vulnerability assessments, and red team operations
  • Write and present detailed reports with findings and remediation recommendations, with both technical and non-technical staff as audience

Qualifications

  • Excellent written and verbal communication skills
  • Ability to communicate effectively with business representatives in explaining findings clearly and where necessary, in layman's terms
  • Knowledge of networking fundamentals (all OSI layers)
  • Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes
  • Knowledge of software exploitation (web, client-server and mobile) on modern operation systems. Familiarization with XSS, SSJS, filter bypassing, etc
  • Ability to automate tasks using a scripting language (Python, Ruby, etc)
  • Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
  • Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
  • Knowledge of conducting physical security penetration testing in small independent teams
  • Knowledge of malware packing and obfuscation techniques
  • Ability to perform targeted penetration tests without use of automated tools
  • Ability to read multiple programming and scripting languages
  • Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work
  • 5+ years in an offensive security position or 8+ years in security
  • Advanced Penetration testing focused certifications preferred (OSCE, GXPN, GWAPT, eWPTX, ECPTX)

 

*Our total compensation approach includes a competitive base salary, 401(k), strong work/family programs, and medical, dental and disability coverage.

 
Teradata is an Equal Opportunity/Affirmative Action Employer and commits to hiring returning veterans. 

 

 

wr-security

CountryEEOText_Description: Teradata invites all identities and backgrounds in the workplace. We work with deliberation and intent to ensure we are cultivating collaboration and inclusivity across our global organization. ​ We are proud to be an equal opportunity and affirmative action employer. We do not discriminate based upon race, color, ancestry, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related conditions), national origin, sexual orientation, age, citizenship, marital status, disability, medical condition, genetic information, gender identity or expression, military and veteran status, or any other legally protected status.

City: San Diego

State: California

Community / Marketing Title: Staff Offensive Security Researcher

Job Category: Engineering

Company Profile:

Our Company

At Teradata, we believe that people thrive when empowered with better information. That’s why we built the most complete cloud analytics and data platform for AI. By delivering harmonized data, trusted AI, and faster innovation, we uplift and empower our customers—and our customers’ customers—to make better, more confident decisions. The world’s top companies across every major industry trust Teradata to improve business performance, enrich customer experiences, and fully integrate data across the enterprise.

LinkedIn Remote:

Location_formattedLocationLong: San Diego, California US

.