Offensive Security Engineer
Location: San Diego, California US
Requisition Number: 201196
Position Title: Engineer (IV)
Offensive Security Engineer
The offensive security group is the research and assurance arm of the Product Security Team. While the larger team provides security guidance to the product development teams, our group is tasked with ensuring that guidance is carried out and executed effectively. Through a variety of security assessments, we endeavor to provide valuable assistance to Teradata in understanding what threats exist and what their realistic impact to our products and services can be. We encourage research projects and conference presentations to show Teradata is an industry leader in security. From in depth code analysis and exploit development to wide scope full scale adversary simulation, the offensive security group will be pushing boundaries to provide a safer and more secure environment for Teradata’s customers and employees alike.
As an Offensive Security Engineer, you will be a key contributor to all aspects of the Teradata offensive security program. Every day is different as we strive to identify security risks, automate repeatable tasks and processes, and support our product teams as they build secure, next-generation analytics toolsets. A participant in architecture and design meetings, your alternative perspective will ensure robust and hardened products. You will design and execute a variety of security assessments, including penetration test, vulnerability assessments, and red team operations to explore and demonstrate potential threats and highlight risk. As part of a small and diverse team of experts in their field you will be learning and growing on a daily basis. You will provide valuable insight to senior members of teams across Teradata, helping them to develop a security first mindset.
- Lead threat model reviews and provide alternative perspective on potential security concerns
- Conduct wide range of internal security assessments using architecture and threat model documents to identify and exploit product security flaws before public release
- Act as liaison between external penetration testing firms and internal product teams to ensure low friction, high value external engagements
- Assist product teams in remediation efforts by clarifying finding details and identifying best practice fixes or mitigations
- Participate in working groups to evaluate and refine secure development lifecycle strategies and procedures
- Evaluate existing automated security scanning tools, or develop when practical, to identify vulnerabilities in continuous test environment to eliminate potential of repeat findings over multiple tests
- Contribute to and support effort to build intellectual property via patents
- Design and present developer security education
- Conduct security assessments such as penetration tests, vulnerability assessments, and red team operations
- Write and present detailed reports with findings and remediation recommendations, with both technical and non-technical staff as audience
- Excellent written and verbal communication skills
- Ability to communicate effectively with business representatives in explaining findings clearly and where necessary, in layman's terms
- Knowledge of networking fundamentals (all OSI layers)
- Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes
- Knowledge of software exploitation (web, client-server and mobile) on modern operation systems. Familiarization with XSS, SSJS, filter bypassing, etc
- Ability to automate tasks using a scripting language (Python, Ruby, etc)
- Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
- Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
- Knowledge of conducting physical security penetration testing in small independent teams
- Knowledge of malware packing and obfuscation techniques
- Ability to perform targeted penetration tests without use of automated tools
- Ability to read multiple programming and scripting languages
- Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work
- 5+ years in an offensive security position or 8+ years in security
- Advanced Penetration testing focused certifications preferred (OSCE, GXPN, GWAPT, eWPTX, ECPTX)
*Our total compensation approach includes a competitive base salary, 401(k), strong work/family programs, and medical, dental and disability coverage.
Teradata is an Equal Opportunity/Affirmative Action Employer and commits to hiring returning veterans.
CountryEEOText_Description: Teradata is an Equal Opportunity/Affirmative Action Employer and commits to hiring returning veterans.
City: San Diego
Community / Marketing Title: Offensive Security Engineer
Job Category: Engineering
With all the investments made in analytics, it’s time to stop buying into partial solutions that overpromise and underdeliver. It’s time to invest in answers. Only Teradata leverages all of the data, all of the time, so that customers can analyze anything, deploy anywhere, and deliver analytics that matter most to them. And we do it at scale, on-premises, in the Cloud, or anywhere in between.
We call this Pervasive Data Intelligence. It’s the answer to the complexity, cost, and inadequacy of today’s analytics. And it's the way Teradata transforms how businesses work and people live through the power of data throughout the world. Join us and help create the era of Pervasive Data Intelligence.
Location_formattedLocationLong: San Diego, California US