Teradata empowers companies to achieve high-impact business outcomes through analytics. With a powerful combination of Industry expertise and leading hybrid cloud technologies for data warehousing and big data analytics, Teradata unleashes the potential of great companies. Partnering with top companies around the world, Teradata helps improve customer experience, mitigate risk, drive product innovation, achieve operational excellence, transform finance, and optimize assets. Teradata is recognized by media and industry analysts as a future-focused company for its technological excellence, sustainability, ethics, and business value.
The Teradata culture isn’t just about one kind of person. So many individuals make up who we are, making us that much more unique. It’s what sets apart the dynamic, diverse and collaborative environment that is Teradata. But even as individuals, there’s one thing that we all share —our united goal of making Teradata and our people the best we can be.
Staff Offensive Security Researcher
The offensive security group is the research and assurance arm of the Product Security Team. While the larger team provides security guidance to the product development teams, our group is tasked with ensuring that guidance is carried out and executed effectively. Through a variety of security assessments, we endeavor to provide valuable assistance to Teradata in understanding what threats exist and what their realistic impact to our products and services can be. We encourage research projects and conference presentations to show Teradata is an industry leader in security. From in depth code analysis and exploit development to wide scope full scale adversary simulation, the offensive security group will be pushing boundaries to provide a safer and more secure environment for Teradata’s customers and employees alike.
As a Staff Offensive Security Researcher, you will be a key contributor to all aspects of the Teradata offensive security program. Every day is different as we strive to identify securityrisks, automate repeatable tasks and processes, and support our product teams as they build secure, next-generation analytics toolsets. A participant in architecture and design meetings, your alternative perspective will ensure robust and hardened products. You will design and execute a variety of security assessments, including penetration test, vulnerability assessments, and red team operations to explore and demonstrate potential threats and highlight risk. As part of a small and diverse team of experts in their field you will be learning and growing on a daily basis. You will provide valuable insight to senior members of teams across Teradata, helping them to develop a security first mindset.
- Lead threat model reviews and provide alternative perspective on potential security concerns
- Conduct wide range of internal security assessments using architecture and threat model documents to identify and exploit product security flaws before public release
- Act as liaison between external penetration testing firms and internal product teams to ensure low friction, high value external engagements
- Assist product teams in remediation efforts by clarifying finding details and identifying best practice fixes or mitigations
- Participate in working groups to evaluate and refine secure development lifecycle strategies and procedures
- Evaluate existing automated security scanning tools, or develop when practical, to identify vulnerabilities in continuous test environment to eliminate potential of repeat findings over multiple tests
- Contribute to and support effort to build intellectual property via patents
- Design and present developersecurity education
- Conduct security assessments such as penetration tests, vulnerability assessments, and red team operations
- Write and present detailed reports with findings and remediation recommendations, with both technical and non-technical staff as audience
- Excellent written and verbal communication skills
- Ability to communicate effectively with business representatives in explaining findings clearly and where necessary, in layman's terms
- Knowledge of networking fundamentals (all OSI layers)
- Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes
- Knowledge of software exploitation (web, client-server and mobile) on modern operation systems. Familiarization with XSS, SSJS, filter bypassing, etc
- Ability to automate tasks using a scriptinglanguage (Python, Ruby, etc)
- Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
- Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
- Knowledge of conducting physical security penetration testing in small independent teams
- Knowledge of malware packing and obfuscation techniques
- Ability to perform targeted penetration tests without use of automated tools
- Ability to read multiple programming and scriptinglanguages
- Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work
- 5+ years in an offensive security position or 8+ years in security
- Advanced Penetration testing focused certifications preferred (OSCE, GXPN, GWAPT, eWPTX, ECPTX)