Security Engineer - Penetration (Pen) Tester (ADX-297-20)
In October 2020, Invitae Corporation (NYSE: NVTA) combined with ArcherDX, a genomic analysis company specializing in cancer diagnostics and monitoring, to create a leading comprehensive medical and cancer genetics company. As a combined company, Invitae is bringing world-class genetic testing and diagnostics into mainstream medicine to improve healthcare for billions of people. Our goal is to aggregate the world’s genetic tests into a single service with higher quality and accuracy, faster turnaround time and actionable results. Learn more at invitae.com and archerdx.com.
The Security Engineer - Penetration Tester has a broad scope of responsibilities, ranging from testing a variety of ArcherDX’s flagship cloud-based genomics products and relaying findings to owners and information security teams to helping drive overall improvements to ArcherDX’s security posture. This position will have a special focus on penetration testing, uncovering security vulnerabilities, and working with the appropriate product owners to help mitigate them.
We are looking for a smart, passionate, and experienced Penetration Tester with a broad range of experience working in dynamic enterprise environments.
Job performance will involve a variety of activities including:
- Prioritize, lead, and perform advanced penetration testing for network, web applications, business applications, and cloud infrastructure.
- Guide the team in the development of technical frameworks, tools and execution of pen tests
- Conduct red team assessments and adversary emulation engagements to support the organization's risk management program.
- Coordinate and execute “Purple teaming” exercises in collaboration with the Security Operations team
- Collaborate with 3rd parties including consulting firms and security researchers on coordinating assessments, validating vulnerability reports/findings and influencing remediation
- Build processes to coordinate pentests and establish a remediation cadence across functions
- Scope and deliver security testing engagements on-time within stakeholder requirements and organizational needs
- Work closely with the Information Security team and Software Development teams in securing product software and network assets
- Provide technical reviews of deliverables, results and internal documentation
- Evaluate remediation suggestions and provide consultative support with implementation of remediation steps, standards, and best practices where needed
- At least 2 years’ experience in an IT or security function, with at least 1 year of hands-on experience in a penetration testing role
- Experience with Python, PowerShell, or similar scripting language
- Experience using industry standard offensive security tools
- You have proven experience pen testing web applications, networks, Wi-Fi, and cloud computing solutions (AWS, GCP, Kubernetes/Docker)
- You have a proficiency with enterprise operating systems, including Linux and Windows
- You have practical experience with assessing encryption, IAM systems, VPN and authentication technologies
- Strong familiarity with at least one of the following: OWASP Top 10, PTES, or NSA Vulnerability and Penetration Testing Standards
- Experience facilitating penetration testing efforts in one or more of the following compliance frameworks (FedRAMP, PCI, SOC 2, HIPAA)
- Experience with API penetration testing
- Experience with containerization offensive techniques
- Drive and determination
- Ability to work in a fast-paced and dynamic environment
- Ability to participate with others as a member of the team to ensure that demanding and difficult projects are handled smoothly and cooperatively to enhance the success of the projects and maintain strong relationships within all parts of the company.
- Strong communication and presentation skills
- Driven to perform
- Self-directed: needs little explicit direction
- Able to organize, prioritize, and delegate tasks to efficiently move projects forward.
- BS (or equivalent) in Cybersecurity, Information Security, IT, EE, Network Engineering, Computer Science, or related field