Penetration Testing Staff Engineer - 5+ yrs at SonicWall

Bengaluru, Karnataka, India

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, Computer or Electrical Engineering, or equivalent experience
  • 5+ years of experience in penetration testing, red teaming, or vulnerability research
  • Strong understanding of network protocols, web application security, and firmware architectures
  • Proficiency with tools such as Burp Suite, Nmap, Nessus, Metasploit, IDA Pro, Ghidra, binwalk, Scapy, Wireshark, and OWASP ZAP
  • Working knowledge of web technologies (HTTP/S, REST, TCP/IP, DNS, SMTP), Linux internals, and scripting languages (Python, Bash, PowerShell)
  • Ability to perform source code reviews in C/C++, Java, C#, or Python for security flaws
  • Strong communication skills — capable of presenting technical findings to both engineers and management
  • High attention to detail, strong analytical thinking, and self-driven approach to testing complex environments

Preferred Qualifications

  • Certifications: CEH, OSCP, GPEN, GWAPT, OSWE, GREM, or equivalent
  • Experience with secure development lifecycle (SDLC) integration and DevSecOps automation
  • Familiarity with exploit development, fuzzing frameworks (boofuzz, Peach), or custom tools

Responsibilities

  • Perform manual and automated penetration testing across web applications, firmware, and network appliances
  • Identify, exploit, and document vulnerabilities across diverse layers — from web interfaces to embedded firmware and network protocols
  • Conduct vulnerability scanning of SonicWall products, VMs, servers, and backend systems
  • Execute firmware and binary analysis using tools such as IDA Pro, Ghidra, and binwalk to uncover low-level security flaws
  • Perform web and API pen testing targeting OWASP Top 10 and emerging web vulnerabilities (e.g., SSRF, deserialization, logic flaws)
  • Assess firmware update mechanisms, cryptographic implementations, and secure boot processes for tampering or privilege escalation risks
  • Prepare detailed vulnerability reports including exploit paths, root cause analysis, and recommended remediations
  • Collaborate closely with engineering, QA, and development teams to identify, validate, and mitigate vulnerabilities — ensuring SonicWall products meet the highest standards of security and resilience
  • Support PSIRT investigations, including triage of internally discovered and externally reported vulnerabilities
  • Contribute to tooling, automation, and scripts that enhance penetration testing efficiency and coverage
  • Conduct independent research on novel web, network, and firmware vulnerabilities
  • Develop internal methodologies and knowledge base for consistent test execution across product domains

Skills

Key technologies and capabilities for this role

Penetration Testing, Vulnerability Assessment, IDA Pro, Ghidra, binwalk, OWASP Top 10, Firmware Analysis, Binary Analysis, Web Application Testing, API Testing, Network Protocols

Questions & Answers

Common questions about this position

What experience level is required for this Penetration Testing Staff Engineer role?

The role requires 5+ years of experience in penetration testing or related fields.

Where is this position located?

The position is located in Bengaluru.

What education is required for this role?

A Bachelor’s degree in Computer Science, Cybersecurity, Computer or Electrical Engineering, or equivalent experience is required.

What are the main technical responsibilities in this role?

Responsibilities include performing manual and automated penetration testing on web applications, firmware, and network appliances, firmware and binary analysis using tools like IDA Pro and Ghidra, and web/API pen testing targeting OWASP Top 10 vulnerabilities.

What teams will I collaborate with in this role?

You will collaborate closely with engineering, QA, and development teams to identify, validate, and mitigate vulnerabilities.

SonicWall

Provides cybersecurity solutions and services

About SonicWall

SonicWall provides advanced cybersecurity solutions to protect organizations from various cyber threats. Their product offerings include firewalls, secure remote access, email security, and advanced threat protection, all designed to safeguard networks, devices, and data from issues like ransomware, malware, and phishing attacks. SonicWall's products work by monitoring and controlling incoming and outgoing network traffic based on predetermined security rules, ensuring that only safe data is allowed through. Unlike many competitors, SonicWall offers a comprehensive suite of security products along with subscription-based services that provide ongoing updates and support, which helps clients stay protected against evolving threats. The company's goal is to deliver essential security solutions to a diverse range of clients, including small to medium-sized businesses, enterprises, and government agencies, ensuring their safety in an increasingly digital world.

Headquarters: Milpitas, California
Year Founded: 1991
Total Funding: $48M
Company Stage: ACQUISITION
Industries: Consulting, Cybersecurity
Employees: 1,001-5,000

Benefits

Remote Work Options
Hybrid Work Options

Risks

Recent vulnerabilities in SMA products could harm SonicWall's reputation.
Integration challenges with CrowdStrike may affect service delivery.
Competitive pressure on TZ80 solution could impact SonicWall's market share.

Differentiation

SonicWall offers a comprehensive suite of security products and services.
The company specializes in advanced threat protection for diverse clients.
SonicWall's solutions include firewalls, VPNs, and email security.

Upsides

Growing demand for AI-based threat detection boosts SonicWall's market potential.
Partnership with CrowdStrike enhances SonicWall's offerings for SMBs.
Expansion of 5G networks increases demand for SonicWall's network security products.
