Athena
Direct message the job poster from Athena
Overview
We are seeking a Security Validation Engineer to join our Red Team. This role is focused on identifying, validating, and exploiting vulnerabilities across systems, applications, and infrastructure to simulate real-world adversary behavior. As part of the security organization, you will help evaluate and strengthen our security posture by rigorously testing defenses, collaboratively reporting findings, and recommending mitigations. Key Responsibilities
Plan, design, and execute red team engagements across infrastructure, applications, and cloud environments. Conduct manual and automated penetration testing to identify exploitable vulnerabilities and misconfigurations. Develop and execute adversary emulation scenarios to validate detection and response capabilities. Perform end-to-end attack simulations, including tactics such as phishing, lateral movement, privilege escalation, and data exfiltration. Build and maintain custom tools, scripts, or frameworks to support red team operations. Validate the effectiveness of blue team defenses and provide actionable feedback for improving detection, prevention, and response measures. Document findings with clear risk impact assessment and remediation guidance. Collaborate closely with incident response, threat intelligence, and engineering teams to share attacker tradecraft and improve security controls. Stay current with emerging threats, vulnerabilities, and offensive security techniques. Required Qualifications
Strong knowledge of penetration testing methodologies (OWASP, MITRE ATT&CK, NIST, etc.). Proficiency in exploitation frameworks, scripting, and tools (e.g., Cobalt Strike, Metasploit, Burp Suite, BloodHound, Python, PowerShell). Hands-on experience with attack vectors across networks, operating systems, applications, and cloud platforms. Familiarity with Active Directory attacks, privilege escalation, persistence techniques, and evasion methods. Understanding of enterprise defense mechanisms such as EDR, SIEM, logging, and network monitoring. Solid problem-solving and analytical skills with the ability to think like an attacker. Excellent written and verbal communication skills for documenting findings and presenting results to both technical and non-technical audiences. Preferred Skills
Prior experience in a Red Team, Purple Team, or advanced penetration testing role. Knowledge of adversary emulation frameworks and threat modeling. Scripting capability (Python, PowerShell, Bash, or Go). OSCP, OSCE, OSEP, CRTP, or similar offensive security certifications. Knowledge of cloud security (AWS, Azure, GCP) attack surfaces. Employment type
Full-time Locations considered: Sunnyvale, CA; Hayward, CA; San Jose, CA. Salary ranges vary by location and experience: Sunnyvale $139,000 - $200,000; Hayward $100,000 - $130,000; Sunnyvale $120,000 - $135,000; San Jose $75,000 - $138,000. We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr
We are seeking a Security Validation Engineer to join our Red Team. This role is focused on identifying, validating, and exploiting vulnerabilities across systems, applications, and infrastructure to simulate real-world adversary behavior. As part of the security organization, you will help evaluate and strengthen our security posture by rigorously testing defenses, collaboratively reporting findings, and recommending mitigations. Key Responsibilities
Plan, design, and execute red team engagements across infrastructure, applications, and cloud environments. Conduct manual and automated penetration testing to identify exploitable vulnerabilities and misconfigurations. Develop and execute adversary emulation scenarios to validate detection and response capabilities. Perform end-to-end attack simulations, including tactics such as phishing, lateral movement, privilege escalation, and data exfiltration. Build and maintain custom tools, scripts, or frameworks to support red team operations. Validate the effectiveness of blue team defenses and provide actionable feedback for improving detection, prevention, and response measures. Document findings with clear risk impact assessment and remediation guidance. Collaborate closely with incident response, threat intelligence, and engineering teams to share attacker tradecraft and improve security controls. Stay current with emerging threats, vulnerabilities, and offensive security techniques. Required Qualifications
Strong knowledge of penetration testing methodologies (OWASP, MITRE ATT&CK, NIST, etc.). Proficiency in exploitation frameworks, scripting, and tools (e.g., Cobalt Strike, Metasploit, Burp Suite, BloodHound, Python, PowerShell). Hands-on experience with attack vectors across networks, operating systems, applications, and cloud platforms. Familiarity with Active Directory attacks, privilege escalation, persistence techniques, and evasion methods. Understanding of enterprise defense mechanisms such as EDR, SIEM, logging, and network monitoring. Solid problem-solving and analytical skills with the ability to think like an attacker. Excellent written and verbal communication skills for documenting findings and presenting results to both technical and non-technical audiences. Preferred Skills
Prior experience in a Red Team, Purple Team, or advanced penetration testing role. Knowledge of adversary emulation frameworks and threat modeling. Scripting capability (Python, PowerShell, Bash, or Go). OSCP, OSCE, OSEP, CRTP, or similar offensive security certifications. Knowledge of cloud security (AWS, Azure, GCP) attack surfaces. Employment type
Full-time Locations considered: Sunnyvale, CA; Hayward, CA; San Jose, CA. Salary ranges vary by location and experience: Sunnyvale $139,000 - $200,000; Hayward $100,000 - $130,000; Sunnyvale $120,000 - $135,000; San Jose $75,000 - $138,000. We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr