VMware Security Test Engineer- Opportunity for Working Remotely in Denver, Colorado
This job requisition is not eligible for employment-based immigration sponsored by VMware.
The Elevator Pitch:
You are the cool kid who gets paid to break into networks, systems, and applications legally. Along the way, you may make use of any open-source penetration tools or you may design some of these tools yourself. Your work helps VMware to become more secure against potential cyber-attacks and has a significant impact on security risk to VMware and its customers.
What is the primary need, technical challenge, and/or problem you will be responsible for?
With our growth of technology offerings and cloud services footprint, we must increase penetration testing in order to discover existing vulnerabilities and logic flaws that may be hidden in VMware applications and infrastructures. You will be part of the Red team to conduct security tests, review findings, and suggest corrective actions with the concerned teams and management.
Success in the Role: What are the performance goals over the first 6-12 months you will work toward completing?
You will assess and approve firewall change requests within SLA
You will validate and provide risk assessment on security issues reported by external researchers within 48 hours
You will conduct application and infrastructure penetration tests independently
You will provide remediation support on penetration test findings
What type of work will you be doing? What assignments, requirements, or skills will you be performing on a regular basis?
Perform security testing to identify weaknesses and countermeasures and providing timely assessment reports to key stakeholders
Conduct attack surface reviews and recommend layered defenses to prevent exploits, detect and intercept attacks, and discover threat agents
Perform complex security test data analysis in support of security vulnerability assessment processes, including root cause analysis
Monitor vulnerability disclosure mailing lists and threat intelligence feeds to identify and triage new threats and vulnerabilities targeting VMware
Serve as an escalation point on issues, dependencies, and risks related to security testing and vulnerability management.
Required skills and experience:
5 years of experience in performing penetration testing in both application and infrastructure levels.
Extensive experience using security testing and analysis tools (Metasploit, Burp Suite, Kali, Wireshark, Nmap, AppCheck, Fortify, etc)
Experience using common vulnerability scanning tools (Nessus, Qualys, AppScan, etc)
Experience conducting security testing for cloud services (Amazon Web Services, Microsoft Azure, Google Cloud Platform).
Expert knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).
Experience with security source code review and development experience in C/C++, Java, Python.
Strong analytical skills and ability to identify advanced threats.
Ability to interact effectively at all levels of an organization, across diverse cultural and linguistic barriers, and as part of a geographically distributed team.
Ability to collaborate effectively as part of a team and work independently with minimal supervision.
Ability to prioritize projects and deliverables.
Comfortable facing new challenges and changes in direction.
Self-motivated, team player, and detail oriented.
Positive and constructive attitude.
Excellent written and verbal communications.
Availability outside working hours for high priority events.
Some travel required.
Bachelor’s degree or equivalent experience.
Certifications such as OSCP, OSCE, GPEN, CEH, CISSP.
What is the leadership like for this role? What is the structure and culture of the team like?
The hiring manager for this role is a Senior Manager of Red Team and has 15 years’ experience in a variety of roles in information security. He started his career as a software engineer from developing low-level device drivers to 3-tiers web applications. He then took his engineering background to the information security field where he focused on data loss prevention, vulnerability management, and penetration testing.
Management philosophy is about encouraging everyone on the team to be an independent thinker and working smart instead of working long. Currently, the Red team is made up of 5 highly skilled pen testers who come from diverse technical backgrounds, but have a common passion for finding security weaknesses in VMware infrastructures and applications.
What are the benefits and perks of working at VMware?
You and your loved ones will be supported with a competitive and comprehensive benefits package. Below are some highlights, or you can view the complete benefits package by visiting www.benefits.vmware.com .
Employee Stock Purchase Plan
Medical Coverage, Retirement, and Parental Leave Plans for All Family Types
Generous Time Off Programs
40 hours of paid time to volunteer in your community
Rethink's Neurodiversity program to support parents raising children with learning or behavior challenges, or developmental disabilities
Financial contributions to your ongoing development (conference participation, trainings, course work, etc.)
Healthy and local inspired snacks in all our on-site pantries
Category : Engineering and Technology
Subcategory: Information Security
Experience: Manager and Professional
Full Time/ Part Time: Full Time
Posted Date: 2020-09-10
VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.
Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. Vmware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.