Offensive Security Engineer, Penetration Testing at Procter & Gamble Company

Warsaw, Masovian Voivodeship, Poland

Not SpecifiedCompensation

Junior (1 to 2 years), Mid-level (3 to 4 years)Experience Level

Full TimeJob Type

UnknownVisa

Consumer GoodsIndustries

BA or BS degree in Information Security, Cyber Security, Computer Science, or related field (OR 2+ years of relevant experience required in lieu of a degree)
2+ years of experience performing security testing
Ability to automate tasks by writing basic scripts/programs in at least 1 language (Python, PowerShell, C#, Assembly languages, etc.)
Basic level command-line experience with Linux-based operating systems
Experience in exploiting weaknesses in 2 or more of the following domains: enterprise applications, web applications, mobile applications, databases, infrastructure, IoT devices, network and cloud infrastructure, server, mainframe, and directory services
Ability to read and understand programming languages
Basic hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure)
Basic familiarity with multiple operating systems, minimally Windows and Linux
An adversarial mindset - ability to put yourself in the mind of the attacker
Communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
Preferred Skills
One or more penetration testing certifications (OSCP, OSWE, GPEN, GXPN, GWAPT, etc.)
Publicly released tools or modules
Experience in CTF competitions or Bug Bounty programs
Experience in mobile (iOS/Android) application development/assessment
Experience in Internet of Things (IoT) security and exploitation

Consult, design, and execute adversary simulation scenarios
Perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and exploit vulnerabilities
Work with cross functional teams to develop remediation suggestions based on scenario outcomes
Report observations using a standardized reporting structure
Bypass preventative and detective security controls to accomplish scenario goals
Conduct research into real-world threat actor tactics, techniques, and procedures to develop proof of concept tools
Investigate findings from our Vulnerability Disclosure Program
Partner with Cyber Defense Protect, Detect and Respond teams to operationalize new Cyber Security concepts and processes
Identify areas for team process improvement