Samsung Research America
Senior Penetration Tester, Android Security 665 Clyde Avenue, Mountain View, CA
Samsung Research America, Mountain View, California, United States, 94043
Senior Penetration Tester, Android Security
The Development Quality Innovation (DQI) lab in Mountain View has a dual role that is first to research new automation tools as well as take current tools and refine them to our needs. Second, act as a centralized QA group to provide quality assessment by creating comprehensive E2E test strategy for various Endpoint security solution developed. This duality provides a unique opportunity to explore new concepts in different technologies and perform original research in quality domain. We are looking for a Senior Penetration Tester, that conducts pre-authorized simulated attacks on our groundbreaking B2B enterprise products and services to test system resilience. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective, and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques. Our ideal candidate is a creative thinker and an excellent communicator who is comfortable working in a demanding, fast-paced environment. If you have a passion for security and a strong understanding of the latest technologies, we want to hear from you! Position Responsibilities
Develop expertise in our product solutions, deep diving into design/architecture, & execute white box and black box penetration scenarios Plan, scope and conduct vulnerability assessment/ Penetration test on internal / external facing public assets such as Android platform, Android Apps, Backend APIs, and Cloud services Research and conduct adversary simulation for known security threats and identify novel attack vectors to test a system's relative security readiness Conduct Threat modelling, Threat Intelligence and scoping with stakeholders Assist in creating and maintaining internal penetration testing and practice within QA team Build Test harness & required Automation suites and validate attack vectors in Threat Lab Creating and targeting journals publications on security research Vulnerability logging and tracking until closure Co-ordinate with program management, security architects at Internal & offshore sites to present the plan, strategy and reports Stays up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices Research and developing exploits for zero-day vulnerabilities Required Skills
Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent combination of education training and experience 5+ years' experience in Penetration testing including with 2+ year experience in Android Comprehensive knowledge in Information Security practices on malware, phishing attacks, attack vectors and methods to protect against threats Extensive Knowledge in Java, Kotlin or C or any relevant programming language Experience with reverse engineering tools (e.g. IDA Pro & Ghidra), debugging tools (e.g. JTAG/SWD) Strong communications, documentation and reporting skills Special Attributes
Experience in Endpoint security platforms History in cyber security competitions or CTFs Blogpost on security research, walkthroughs or PoCs on security domain Malware development or reverse engineering experience Experience testing Endpoint Detection & Response (EDR), Extended Detection & Response (XDR) platforms, Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) or related products Cyber Security or Security relevant disciplines Certifications in offensive security: OSCP or OSWA or OSWE or CRTO or BSCP or similar Base Pay Range $158,800 - $218,100 USD Disclosure of Trade Secrets Samsung has a strict policy on trade secrets. In applying to Samsung and progressing through the recruitment process, you must not disclose any trade secrets of a current or previous employer. Essential Job Functions This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, and frequently operate standard office equipment, such as telephones and computers. Equal Employment Opportunity At Samsung, we believe that innovation and growth are driven by an inclusive culture and a diverse workforce. We aim to create a global team where everyone belongs and has equal opportunities, inspiring our talent to be their true selves. Together, we are building a better tomorrow for our customers, partners, and communities. Samsung Research America is committed to employing a diverse workforce, and provide Equal Employment Opportunity for all individuals regardless of race, color, religion, gender, age, national origin, marital status, sexual orientation, gender identity, status as a protected veteran, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law.
The Development Quality Innovation (DQI) lab in Mountain View has a dual role that is first to research new automation tools as well as take current tools and refine them to our needs. Second, act as a centralized QA group to provide quality assessment by creating comprehensive E2E test strategy for various Endpoint security solution developed. This duality provides a unique opportunity to explore new concepts in different technologies and perform original research in quality domain. We are looking for a Senior Penetration Tester, that conducts pre-authorized simulated attacks on our groundbreaking B2B enterprise products and services to test system resilience. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective, and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques. Our ideal candidate is a creative thinker and an excellent communicator who is comfortable working in a demanding, fast-paced environment. If you have a passion for security and a strong understanding of the latest technologies, we want to hear from you! Position Responsibilities
Develop expertise in our product solutions, deep diving into design/architecture, & execute white box and black box penetration scenarios Plan, scope and conduct vulnerability assessment/ Penetration test on internal / external facing public assets such as Android platform, Android Apps, Backend APIs, and Cloud services Research and conduct adversary simulation for known security threats and identify novel attack vectors to test a system's relative security readiness Conduct Threat modelling, Threat Intelligence and scoping with stakeholders Assist in creating and maintaining internal penetration testing and practice within QA team Build Test harness & required Automation suites and validate attack vectors in Threat Lab Creating and targeting journals publications on security research Vulnerability logging and tracking until closure Co-ordinate with program management, security architects at Internal & offshore sites to present the plan, strategy and reports Stays up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices Research and developing exploits for zero-day vulnerabilities Required Skills
Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent combination of education training and experience 5+ years' experience in Penetration testing including with 2+ year experience in Android Comprehensive knowledge in Information Security practices on malware, phishing attacks, attack vectors and methods to protect against threats Extensive Knowledge in Java, Kotlin or C or any relevant programming language Experience with reverse engineering tools (e.g. IDA Pro & Ghidra), debugging tools (e.g. JTAG/SWD) Strong communications, documentation and reporting skills Special Attributes
Experience in Endpoint security platforms History in cyber security competitions or CTFs Blogpost on security research, walkthroughs or PoCs on security domain Malware development or reverse engineering experience Experience testing Endpoint Detection & Response (EDR), Extended Detection & Response (XDR) platforms, Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) or related products Cyber Security or Security relevant disciplines Certifications in offensive security: OSCP or OSWA or OSWE or CRTO or BSCP or similar Base Pay Range $158,800 - $218,100 USD Disclosure of Trade Secrets Samsung has a strict policy on trade secrets. In applying to Samsung and progressing through the recruitment process, you must not disclose any trade secrets of a current or previous employer. Essential Job Functions This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, and frequently operate standard office equipment, such as telephones and computers. Equal Employment Opportunity At Samsung, we believe that innovation and growth are driven by an inclusive culture and a diverse workforce. We aim to create a global team where everyone belongs and has equal opportunities, inspiring our talent to be their true selves. Together, we are building a better tomorrow for our customers, partners, and communities. Samsung Research America is committed to employing a diverse workforce, and provide Equal Employment Opportunity for all individuals regardless of race, color, religion, gender, age, national origin, marital status, sexual orientation, gender identity, status as a protected veteran, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law.