Staff Security Engineer - Corporate Security

Staff Security Engineer – Corporate Security (multiple openings) (Austin, TX).

DUTIES: Lead technical execution of advanced security assessments such as staff augmentation initiatives, detection engineering exercises, threat hunts, risk-informed product security engagements, attack path mapping exercises, assumed breach scenarios, red team simulations, purple team engagements, and GRC compliance assessments. Lead risk-informed threat modeling sessions, defensive enablement, and tabletop exercises for enterprise-scale systems incorporating distributed architectures. Research emerging attack vectors and vulnerabilities and develop novel exploitation techniques. Create new methodologies for security testing of emerging technologies. Build custom security testing tools and frameworks for automated vulnerability discovery. Design training programs for security engineers covering emerging threats, attack techniques, and defensive strategies. Develop documentation for mitigation strategies and security implementation guides, specifically aimed at upskilling junior, senior, and lead security engineers

Lead security architecture reviews of CI/CD pipelines, cloud, on-premises, and hybrid infrastructures, and container orchestration platforms. Provide expert technical guidance to all security engineers working on complex security architecture and design decisions directly impacting client project deliverables. Host company-wide knowledge sharing sessions and Office Hours to create learning opportunities where engineers from all security domains can receive guidance on security topics that extend beyond immediate project work. Lead technical discovery sessions with customer stakeholders and provide expert guidance on testing approach selection based on their security objectives and technical environment.

REQUIREMENTS:

• Master’s in Computer Science, Engineering, Cybersecurity or related field plus 4 years of experience OR bachelor's degree plus 6 years of experience in cybersecurity specifically in:
  • Cloud Security Architectures (at least two of AWS, Azure or GCP)
  • Product/Application Security Testing (Web, Mobile)
  • Secure Code Review
  • Programming languages (C, Bash, Python, Assembly, Go, PowerShell, JavaScript)
  • External and Internal Network Penetration Testing
  • Reverse Engineering
  • Vulnerability Research and Exploit Development
  • Command and Control (C2) channel frameworks (Sliver, CobaltStrike, Mythic)
  • Threat modeling
  • Attack path mapping
  • Threat hunting
  • Table top exercises
  • Purple team exercises
• Must include 3 years of experience with:
  • Securing containerization technologies (Docker) and registry platforms DockerHub, ACR, ECR, & GCR
  • Securing orchestration technologies (Kubernetes) and cluster management platforms AKS, EKS, & GKE
  • Identity technologies for at least 3 of Azure AD, Auth0, OKTA, and Google Identity
  • Privilege access management solutions (CyberArk, BeyondTrust & Thycotic) and secrets management platforms (HashiCorp Vault & Cloud-Native KMSs)
• Must include 3 years of experience with the following security frameworks: MITRE ATT&CK, MITRE DEF3ND, NIST CSF, CIS 18
• At least one of the following foundational offensive security certifications (OSCP, PNPT)
• At least one of the following advanced certifications (CRTO, OSEP, CRTL, OSED)
• Domestic travel required up to 15% of time to client sites
• Fully Remote

APPLY TO: Praetorian Security Inc via email at leonardo.dinic@praetorian.com