Security Engineer II (Pen Testing) in Bellevue, WA

$100K - $150K(Ladders Estimates)

Expedia   •  

Bellevue, WA 98004

Industry: Consumer Technology


5 - 7 years

Posted 38 days ago

This is an excellent opportunity for an experienced, forward-looking red teamer (adversary attack simulation) to join enterprise security penetration testing capability at Expedia Group. This requires highly skilled and experienced penetration testing/red team specialists who can ensure Expedia Group has the ability to uncover and subsequently remediate vulnerabilities through the delivery of high vigilance and transparency.

Expedia Group is looking for you to perform pen tests on its infrastructure and applications. You will perform the full cycle of penetration testing engagements - from scoping, through threat modelling, information gathering, discovery, vulnerability assessment, active testing, pivoting and reporting.

What you'll do

  • You'll be responsible for penetration testing and red teaming activities, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results
  • Develop and refine methodologies to conduct Red Team operations successfully and consistently covering all areas of technology
  • You will assess EG's existing security capabilities to detect and respond to emerging threats and work with Detection team to ensure a smooth execution of testing activities (e.g. red/purple teaming, high-reaching cyber games, etc.)
  • Work with Threat Research team to develop red team scenarios in harmony with real attacks as well as business lines understanding their threats
  • You'll plan and execute complex red-team exercise by replicating, in a safe way, the strategies, techniques and procedures of threat actors, including technical coordination of activities and periodic reporting of progress to partners
  • Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex scenarios, emulating malicious actor behavior aimed at avoiding detection
  • You will deeply document exploit chain/proof of concept scenarios and influence partners in understanding risk exposure and containment measures from vulnerabilities

Who you are

  • Bachelor's Degree in engineering, Computer Science/Information Technology or its equivalent with enthusiasm for security researching
  • You have 6+ years of experience executing large scale penetration testing / red team testing assessments of highly critical systems
  • OSCP, OSCE, GPEN, CREST or similar certifications are a plus
  • You possess strong knowledge of security frameworks e.g. OWASP, SANS, MITRE ATT&CK Framework, Firewalls, IDS/IPS, Web Proxies and DLP among other
  • Detailed and up-to-date knowledge of wide range of security tools like Burp Suite, Nessus, Metasploit, Empire, Cobalt Strike, etc. and familiarity with common reconnaissance, exploitation, and post exploitation frameworks
  • You have the ability to develop creative tools, solutions, processes and automate tasks using a scripting language (Python, Perl, Ruby, etc.)
  • Knowledge of Linux operating systems, Source Code Analysis, Mobile Application Security, Microsoft technologies like Active Directory and others
  • You have the communication skill set to influence VPs, Directors, and other Technology Leaders to prioritize and execute remediation plans

Valid Through: 2019-11-5