Senior Security Engineer - Penetration Testing Team

Do you love penetration testing, application security and finding bugs in cutting-edge technology stacks?
We're looking for a Senior Security Testing Engineer to be part of a rapidly expanding Security Testing team that is dedicated to supporting the secure development of Atlassian products. As Principal, you will be a Technical SME, execute penetration testing, automation, techniques and methodologies to find meaningful vulnerabilities which off-the-shelf tools won't.
Working at Atlassian
Atlassians can choose where they work - whether in an office, from home, or a combination of the two. That way, Atlassians have more control over supporting their family, personal goals, and other priorities. We can hire people in any country where we have a legal entity. Interviews and onboarding are conducted virtually, a part of being a distributed-first company.
In this role you will be responsible for Penetration Testing and Manual Code Review across Atlassian's vast products and systems. You will lead and support others in technically validating the state of Atlassian's technical security, working closely with our security teams and engineering groups.
Day-to-day this person will be:

• Highly experienced in offensive security, penetration testing and application security
• Providing SME knowledge and guidance to engineering teams
• Skilled with common exploitation frameworks such as Metasploit, Core Impact & Canvas
• Working knowledge of KALI Linux or other testing distributions and most of the tools within
• Able to automate pen testing/code review testing workflows and tasks
• Analysing vulnerability data for trends, gaps
• Assessing Atlassian's estate and products for potential pen testing scope items

On your first day, we'll expect you to have:

• The ability to complete a penetration test and code review of a modern cloud application
• Worked in a senior penetration testing/application security role
• Experience in automating a testing workflow
• Experience leading security projects or complex penetration tests
• Strong, practical understanding of security testing methodologies, supporting infrastructure requirements and awareness of legal considerations
• Strong collaboration and communication skills when working with closely with deeply technical development and infrastructure teams
• Experience working with security operations teams to develop detection logic
• Comfortable operating in and reviewing modern cloud technologies from providers such as AWS, Azure and GCP

It's great, but not required, if you have:

• CVE's to your name
• Contributions to open source security software or penetration testing tools
• Delivered industry presentations
• Certifications: OSCP, OSCE, OSWE, CREST CRT, GPEN

Benefits & Perks
Atlassian offers a wide range of perks and benefits designed to support you, your family and to help you engage with your local community. Our offerings include health and wellbeing resources, paid volunteer days, and so much more. To learn more, visit go.atlassian.com/perksandbenefits .
About Atlassian
At Atlassian, we're motivated by a common goal: to unleash the potential of every team. Our software products help teams all over the planet and our solutions are designed for all types of work. Team collaboration through our tools makes what may be impossible alone, possible together.
We believe that the unique contributions of all Atlassians create our success. To ensure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. All your information will be kept confidential according to EEO guidelines.
To provide you the best experience, we can support with accommodations or adjustments at any stage of the recruitment process. Simply inform our Recruitment team during your conversation with them.
To learn more about our culture and hiring process, visit go.atlassian.com/crh .