Lead Offensive Security Engineer (Cloud)

Core responsibilities:

• Lead the technical execution of challenging offensive security projects focused on Cloud Security for our customers
• Identify nuanced vulnerabilities in cloud environments
• Develop custom methodologies, payloads, exploits, and tools to ensure project success
• Develop documentation for novel mitigation strategies to emerging or undocumented security risks identified in client environments
• Develop comprehensive reports and presentations for our customers
• Serve as a mentor to other engineers in their technical and professional development
• Collaborate with the security community to develop novel attack techniques, tactics, and procedures (TTPs) through Praetorian’s Security Blog and other forms of community engagement

Desired qualifications:

• Demonstrated passion for cybersecurity
• BS in Computer Science, Engineering, Mathematics, or Physics or equivalent experience
• 5+ years of Cloud Security experience in AWS, Azure and/or GCP
• Additional experience in at least 3 of the following:
  • Product Security Testing (Application, Mobile, LLM)
  • Network Security Testing and/or Red Team
  • Web Application Penetration Testing
  • IoT Security (Embedded, Firmware, Wireless)
  • Secure Code Review
  • Reverse Engineering 
  • Vulnerability Research/ Exploit Development
• Understanding of threat models, attack paths and intelligence considerations within the scoping of technical projects 
• Ability to write technical reports and present technical findings both internally and externally
• Experience with startup and/or high-tech companies
• Familiarity with container orchestration technologies such as Kubernetes
• OSCP, AWS Security Specialty, Azure Security AZ-500, GCP Pro Security,  GCP Pro DevOps, Azure AZ-400, AWS DevOps Pro, CKA, CKS OSCE, OSEE, or OSWE certifications

+1 Qualifications:

• Prior security consulting experience
• Software or web application development experience in multiple languages
• Experience with cutting edge technology stacks and modern security technologies
• Advanced technical knowledge in any of the following:
  • Exploit development beyond Windows and for MacOS X or Linux 
  • Reverse engineering malware, data obfuscators, or ciphers
  • Software maturity models such as OpenSAMM, BSIMM, and SDL
  • Identity technologies for Azure AD, Auth0, Firebase, OKTA, or Google Identity
  • Secrets management such as Hashicorp Vault and cloud native KMSs
  • Containerization technologies such as Docker and registry platforms such as DockerHub, ACR, ECR, & GCR
  • Orchestration technologies such as Kubernetes and cluster management platforms such as AKS, EKS, & GKE
  • Command and control channel frameworks and deployment
  • Automotive security, ICS/SCADA, Network device security, Medical device security, Home automation security, and/or cryptocurrency wallet security
  • Hardware RE, software RE, firmware analysis, embedded cryptography, wireless protocols, Software-defined radio, glitching, side-channel analysis, and/or IoT PaaS and similar technologies
• Capture-the-flag, CCDC, CPTC or other security related competitions
• Ranked achievements on testing platforms such as Hack the Box, Tryhackme, Portswigger, Proving Ground and similar 
• Pursuit of advanced learning opportunities via security training courses, conferences, personal projects and similar 
• Track record in vulnerability research and CVE assignments
• Security community experience via presentations, conference attendance, blogs, white papers and similar 
• OSCE, OSEP, OSED, CRTO, cloud certifications and similar 
• Ability to travel up to 15% to support client engagements

Desired Behaviors:

• Fanatical passion for cybersecurity and the challenges it presents
• Customer centric focus with an obsessive need to wow and delight each client
• Ability to maintain high levels of output and work ethic
• Personable individual who enjoys working in a team-oriented environment
• Self-starter and independent learner that is able to spin up quickly

• Competitive salary
• Equity Incentive Plan, offering ownership stakes in the company
• Continuous learning opportunities through our internal Learning & Development (L&D) program, including training, certifications, and conferences to support your career growth
• Recognition and rewards for speaking engagements at industry events and conferences
• Comprehensive health and dental insurance coverage
• Immediate 401(k) matching
• Paid maternity and paternity leave